{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35175", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T17:26:21.133Z", "datePublished": "2026-04-06T17:51:54.898Z", "dateUpdated": "2026-04-07T15:59:22.076Z"}, "containers": {"cna": {"title": "Ajenti has an authorization bypass during custom package installation", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L", "version": "4.0"}}], "references": [{"name": "https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2"}, {"name": "https://github.com/ajenti/ajenti/releases/tag/v2.2.15", "tags": ["x_refsource_MISC"], "url": "https://github.com/ajenti/ajenti/releases/tag/v2.2.15"}], "affected": [{"vendor": "ajenti", "product": "ajenti", "versions": [{"version": "< 2.2.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:51:54.898Z"}, "descriptions": [{"lang": "en", "value": "Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15."}], "source": {"advisory": "GHSA-73jv-44c3-j5p2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T15:16:59.909065Z", "id": "CVE-2026-35175", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:59:22.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35175", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T15:16:59.909065Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:17:10.337Z"}}], "cna": {"title": "Ajenti has an authorization bypass during custom package installation", "source": {"advisory": "GHSA-73jv-44c3-j5p2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "ajenti", "product": "ajenti", "versions": [{"status": "affected", "version": "< 2.2.15"}]}], "references": [{"url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2", "name": "https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ajenti/ajenti/releases/tag/v2.2.15", "name": "https://github.com/ajenti/ajenti/releases/tag/v2.2.15", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:51:54.898Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35175", "state": "PUBLISHED", "dateUpdated": "2026-04-07T15:59:22.076Z", "dateReserved": "2026-04-01T17:26:21.133Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T17:51:54.898Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ajenti:ajenti:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED9724FB-BCD0-4A4B-8D88-0A5FD725A878", "versionEndExcluding": "2.2.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15."}], "id": "CVE-2026-35175", "lastModified": "2026-04-20T18:33:23.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T18:16:43.830", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/ajenti/ajenti/releases/tag/v2.2.15"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ajenti", "source": "cna", "vendor": "ajenti"}, "product": "ajenti", "vendor": "ajenti"}], "analysis": {"en": {"generated_at": "2026-04-07T02:52:18.476810+00:00", "value": {"mitigation_remediation": ["Upgrade Ajenti to version\u202f2.2.15 or newer.", "Ensure that only superuser accounts are permitted to install custom packages.", "If an upgrade is not immediately possible, disable custom package installation for non\u2011superuser accounts or restrict the auth_users plugin.", "Confirm that no other authenticated users have unnecessary permissions."], "summary": {"action": "Apply Patch", "impact": "Authorization bypass allowing non\u2011superuser installation of custom packages"}, "threat_synthesis": {"affected_systems": "The issue affects Ajenti versions prior to 2.2.15. The affected product is Ajenti, a Linux and BSD modular server admin panel, and the problem was fixed in release v2.2.15.", "description_and_impact": "An authenticated user who is not a superuser can install a custom package through Ajenti\u2019s auth_users authentication method. This vulnerability provides a weakness where the system fails to enforce proper permissions, and based on the description it is inferred that installing a custom package might allow the attacker to execute arbitrary code or achieve privilege escalation.", "risk_and_exploitability": "The CVSS score of 7.2 indicates high severity, and the vulnerability requires authenticated access to the Ajenti interface. The CVE description does not specify whether the attack can be performed remotely or locally; it is inferred that if the attacker already has credentials, the exploit could be launched over the network. The EPSS score is not available and the vulnerability is not listed in the KEV catalog, but the potential for privilege escalation warrants prompt action."}}}}, "created": "2026-04-07T06:54:49.325336+00:00", "updated": "2026-04-07T09:37:54.268555+00:00", "vendors": ["ajenti", "ajenti$PRODUCT$ajenti"]}