High severity8.8NVD Advisory· Published Jan 21, 2026· Updated Apr 15, 2026
CVE-2021-47871
CVE-2021-47871
Description
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 1.3.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.