CVE Catalog

CVE-2026-12195

High · CVSS 8.5
Source: NVD (NIST)

Summary

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can inject arbitrary commands via the v_ftp_user parameter when deleting FTP usernames.

Risk Assessment

An attacker can execute commands as the admin user or take over the admin account, leading to full compromise of the myVesta system.

Recommendation

Update myVesta to the latest patched version. Restrict user privileges and implement input validation.

Original NVD description (English source)

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takeover of the admin user in myVesta.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS