Aapanel

aapanel

Vendor: Aapanel • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-29859 1Aapanel 1Aapanel Mar 23, 2026 Mar 18, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2026-29858 1Aapanel 1Aapanel Mar 19, 2026 Mar 18, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.
CVE-2026-29856 1Aapanel 1Aapanel Mar 19, 2026 Mar 18, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
CVE-2024-42922 1Aapanel 1Aapanel Jun 25, 2025 May 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
CVE-2022-26252 1Aapanel 1Aapanel Nov 21, 2024 Mar 27, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
CVE-2021-37840 1Aapanel 1Aapanel Nov 21, 2024 Aug 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful...Show more aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).Show less
CVE-2020-14950 1Aapanel 1Aapanel Nov 21, 2024 Jun 21, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware S...Show more aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.Show less
CVE-2020-14421 1Aapanel 1Aapanel Nov 21, 2024 Jun 18, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.