HestiaCP Vulnerability Allows Admin Takeover via Cron Job Exploit

HestiaCP Vulnerability Allows Admin Takeover via Cron Job Exploit

First seen 5 Jul 2026, 09:47 UTC Mallory.Aicvefeed.ioprojectblack.io 87% similarity 69.0

Article Content

Browse articles
ThreatCluster

A high-severity vulnerability in HestiaCP, tracked as CVE-2026-12196, allows low-privileged users to take over administrator accounts through a broken access control in the panel's cron job feature. This flaw enables unauthorized users to modify privileged jobs and execute management scripts with passwordless sudo, leading to potential remote code execution. The vulnerability is compounded by missing CSRF token validation and is remotely exploitable, with a CVSS score of 8.3. No formal patch has been released yet, but a manual patch is available via GitHub pull request #5440. Security experts recommend immediate action to mitigate risks associated with this vulnerability. The flaw affects all versions of HestiaCP that utilize the cron job feature.

Key Points: • CVE-2026-12196 allows low-privileged users to take over admin accounts in HestiaCP. • The vulnerability is due to broken access control and missing CSRF validation. • A manual patch is available, but no formal release has been issued yet.

ThreatCluster AI

Timeline

2026-07-04
CVE-2026-12196 published
HestiaCP vulnerability disclosed, allowing admin takeover via cron job manipulation.
cvefeed.io
Recent
Manual patch available
A manual patch for CVE-2026-12196 can be found in GitHub pull request #5440.
Mallory.Ai

Community

Browse all →