Browse all 4 CVE security advisories affecting ajenti. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ajenti serves as a lightweight web interface for server administration, providing centralized management of system services and configurations. Historically, the project has been susceptible to remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, particularly in versions prior to 2.0. Security researchers have identified authentication bypass weaknesses and insecure default configurations in earlier releases. While no major public security incidents have been widely documented, the presence of four CVEs indicates a history of exploitable vulnerabilities. The project's modular architecture and plugin system introduce additional attack surfaces, requiring careful configuration and regular updates to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40178 | ajenti.plugin.core has a race conditions in 2FA — ajentiCWE-287 | 8.1 | - | 2026-04-10 |
| CVE-2026-40177 | Password bypass when 2FA is activated — ajentiCWE-287 | 9.8AI | CriticalAI | 2026-04-10 |
| CVE-2026-35175 | Ajenti has an authorization bypass during custom package installation — ajentiCWE-862 | 6.5AI | MediumAI | 2026-04-06 |
| CVE-2026-27975 | Ajenti has a potential Remote Code Execution — ajentiCWE-284 | 9.8AI | CriticalAI | 2026-02-26 |
This page lists every published CVE security advisory associated with ajenti. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.