Critical severity9.8NVD Advisory· Published Jan 27, 2026· Updated Apr 15, 2026

CVE-2020-36948

Description

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vestacp.comnvd
www.exploit-db.com/exploits/49219nvd
www.vulncheck.com/advisories/vestacp-loginas-insufficient-session-validationnvd
www.vulnerability-lab.com/get_content.phpnvd
www.vulnerability-lab.com/show.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000