cvefeed.io
HestiaCP Vulnerability Allows Admin Takeover via Cron Job Exploit
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A high-severity vulnerability in HestiaCP, tracked as CVE-2026-12196, allows low-privileged users to take over administrator accounts through a broken access control in the panel's cron job feature. This flaw enables unauthorized users to modify privileged jobs and execute management scripts with passwordless sudo, leading to potential remote code execution. The vulnerability is compounded by missing CSRF token validation and is remotely exploitable, with a CVSS score of 8.3. No formal patch has been released yet, but a manual patch is available via GitHub pull request #5440. Security experts recommend immediate action to mitigate risks associated with this vulnerability. The flaw affects all versions of HestiaCP that utilize the cron job feature.
Key Points: • CVE-2026-12196 allows low-privileged users to take over admin accounts in HestiaCP. • The vulnerability is due to broken access control and missing CSRF validation. • A manual patch is available, but no formal release has been issued yet.