High severity8.8NVD Advisory· Published Jan 21, 2026· Updated Apr 15, 2026

CVE-2021-47871

Description

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.

Affected products

Hestiacp/Hestiacpreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hestiacp.comnvd
www.exploit-db.com/exploits/49667nvd
www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-writenvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000