CVE-2026-40177

Summary

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

Affected Software

VendorProductVersion RangeStatus
ajentiajenti< 0.112affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References