CVE-2026-12195

Summary

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.

Affected Software

VendorProductVersion RangeStatus
myvestavesta0 < 95d7e43bf286d6881ca753dac93cb42d98cc7422affected

Weaknesses

  • CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

References