CVE-2026-40177 | THREATINT

Description

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

PUBLISHED Reserved 2026-04-09 | Published 2026-04-10 | Updated 2026-04-14 | Assigner GitHub_M

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-287: Improper Authentication

Product status

< 0.112

affected

References

github.com/...ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v

cve.org (CVE-2026-40177)

nvd.nist.gov (CVE-2026-40177)

Download JSON