CVE Catalog

CVE-2026-12196

HighCVSS 8.3
Published: Translated: NVD NIST

Summary

The cronjob feature in HestiaCP panel is affected by a broken access control vulnerability. Low privilege users can modify panel cronjobs to execute HestiaCP management scripts with passwordless sudo.

Risk Assessment

This could result in the takeover of administrator users in the application and the underlying webserver, leading to full system compromise.

Recommendation

Immediately update HestiaCP to the latest version and review user permissions, restricting access to the cronjob feature to trusted administrators only.

Original NVD description (English source)

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying webserver.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS