CVE-2026-40178
MEDIUM WAF: Low
CVSS 5.9
Published: 2026-04-10
CWE-287
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ajenti | ajenti_plugin_core | up to 0.112 |
References
- github.com (Vendor Advisory)