CVE-2026-40177
HIGH WAF: Low
CVSS 7.5
Published: 2026-04-10
CWE-287
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ajenti | ajenti_plugin_core | up to 0.112 |
References
- github.com (Vendor Advisory)