Critical severity9.1NVD Advisory· Published Apr 24, 2026· Updated Apr 28, 2026
CVE-2026-41473
CVE-2026-41473
Description
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/usmannasir/cyberpanel/commit/0a099b1b193946555fbdd387a28486b1521f9961nvdPatch
- itsrez.re/post/cyberpanel-rcenvdExploitMitigationThird Party Advisory
- www.vulncheck.com/advisories/cyberpanel-unauthenticated-api-access-via-ai-scanner-endpointsnvdThird Party Advisory
News mentions
0No linked articles in our index yet.