EIP-2026-114675

PRE-CVE

aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114675. PoCs published by Ünsal Furkan Harani.

AI-analyzed exploit summary This exploit leverages an authenticated privilege escalation vulnerability in aaPanel 6.6.6 by abusing the crontab feature, which runs with root privileges. An authenticated admin can execute arbitrary shell commands via a crafted script in the crontab interface, leading to root access.

Description

aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)

Exploits (1)

exploitdb WORKING POC

by Ünsal Furkan Harani · textwebappspython

https://www.exploit-db.com/exploits/48886

View Code ZIP pw:eip

This exploit leverages an authenticated privilege escalation vulnerability in aaPanel 6.6.6 by abusing the crontab feature, which runs with root privileges. An authenticated admin can execute arbitrary shell commands via a crafted script in the crontab interface, leading to root access.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: aaPanel 6.6.6

Auth required

Prerequisites: Authenticated admin access to aaPanel · Access to the crontab feature

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1059.004 - Unix Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026