CRITICALCVE-2026-40177Published 2026-04-10Modified 2026-04-14CNA GitHub_M

CVE-2026-40177: Password bypass when 2FA is activated

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

ajenti / ajenti
< 0.112

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

References

https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v

Metrics