Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Unauthenticated access to servers using Ajenti admin panel
CVE-2026-27975
Summary
Before version 2.2.13, an attacker could gain control of any server using Ajenti, potentially allowing them to make changes or steal sensitive information. This is a serious issue, as it allows unauthorized access to servers. Update to version 2.2.13 or later to prevent this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ajenti | ajenti | <= 2.2.13 | – |
Original title
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the v...
Original description
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server to execute arbitrary code on this server. This is fixed in the version 2.2.13.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.1
Vulnerability type
CWE-284
Improper Access Control
- https://github.com/ajenti/ajenti/releases/tag/v2.2.13 Product Release Notes
- https://github.com/ajenti/ajenti/security/advisories/GHSA-vcw3-r3fx-j444 Patch Vendor Advisory
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026