Description
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
Published: 2026-04-24
Score: 8.8 High
EPSS: 1.0% Low
KEV: No
Impact: Unauthenticated remote data modification and denial of service
Action: Immediate Patch
AI Analysis

Impact

CyberPanel versions prior to 2.4.4 contain an authentication bypass that allows unauthenticated attackers to write arbitrary data to the database through the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. This flaw, classified as CWE-306, can lead to denial of service via storage exhaustion, corrupt scan history entries, and data pollution. The primary impact is the compromise of data integrity and availability for any user with network access to the service.

Affected Systems

The vulnerability affects all instances of CyberPanel (usmannasir:cyberpanel) using versions before 2.4.4. No specific sub‑version list is provided, but any release older than 2.4.4 is susceptible.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, yet the EPSS score of less than 1% demonstrates that exploitation is currently considered rare. The flaw is not listed in the CISA KEV catalog. Attackers would likely target the exposed API endpoints over the network, bypassing authentication entirely to inject malicious data or trigger resource exhaustion. Given the lack of mitigations and the broad exposure of the endpoints, systems with publicly accessible API routes remain at significant risk until a patch or workaround is applied.

Generated by OpenCVE AI on April 28, 2026 at 05:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CyberPanel to version 2.4.4 or later to eliminate the authentication bypass.
  • If an upgrade is not immediately possible, block unauthenticated traffic to the /api/ai-scanner/* endpoints using firewall rules, reverse proxy authentication, or a web‑application firewall.
  • Monitor database changes and scan history logs for anomalous writes and apply configuration restrictions to enforce authentication on the AI Scanner API endpoints if custom fixes are available.
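
As an added example of the monitoring the last action calls for (not CyberPanel's or OpenCVE's own code), the script below reviews web-server access logs for requests to the two endpoints named in the description and flags any source showing the burst or large-request-body pattern behind the storage-exhaustion risk. The log format, thresholds and sample log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Added example, not CyberPanel's own code. Triages access logs for hits on the
# two AI Scanner endpoints that accepted unauthenticated writes before 2.4.4.
WATCHED_PATHS = ("/api/ai-scanner/status-webhook", "/api/ai-scanner/callback")
BURST_THRESHOLD = 3        # hits per source treated as a burst (assumed value)
BYTES_THRESHOLD = 10_000   # summed request-body bytes per source (assumed value)
# Assumed log format: combined format with the request length appended as a
# final field (nginx: '... $status $body_bytes_sent $request_length').
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<resp_bytes>\d+|-) (?P<req_bytes>\d+)$')

def parse_line(line):
    # One access-log line to a dict, or None if it does not match the format.
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["req_bytes"] = int(rec["req_bytes"])
    rec["path"] = rec["path"].split("?", 1)[0]   # drop any query string
    return rec

def scan_logs(lines):
    # Per source IP, summarise every request that reached a watched endpoint.
    per_ip = defaultdict(lambda: {"hits": 0, "req_bytes": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] not in WATCHED_PATHS:
            continue   # unparseable, or not one of the vulnerable endpoints
        s = per_ip[rec["ip"]]
        s["hits"] += 1
        s["req_bytes"] += rec["req_bytes"]
        s["paths"].add(rec["path"])
    findings = {}
    for ip, s in per_ip.items():
        reasons = (["burst"] if s["hits"] >= BURST_THRESHOLD else []) + \
                  (["large-payloads"] if s["req_bytes"] >= BYTES_THRESHOLD else [])
        findings[ip] = {"hits": s["hits"], "req_bytes": s["req_bytes"],
                        "paths": sorted(s["paths"]), "reasons": reasons}
    return findings

SAMPLE_LOG = [  # constructed sample: one noisy external source, one benign request, one internal hit
    '203.0.113.7 - - [28/Apr/2026:10:00:01 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 12 4096',
    '203.0.113.7 - - [28/Apr/2026:10:00:02 +0000] "POST /api/ai-scanner/status-webhook HTTP/1.1" 200 12 4096',
    '203.0.113.7 - - [28/Apr/2026:10:00:03 +0000] "POST /api/ai-scanner/callback?x=1 HTTP/1.1" 200 12 4096',
    '198.51.100.2 - - [28/Apr/2026:10:01:00 +0000] "GET /login HTTP/1.1" 200 1530 0',
    '10.0.0.5 - - [28/Apr/2026:10:02:00 +0000] "POST /api/ai-scanner/status-webhook HTTP/1.1" 200 12 300',
]
```

Every hit on these paths from outside the scanner worker's own network is worth reviewing on an unpatched host; the reasons list only marks the sources whose volume also matches the denial-of-service pattern.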

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Cyberpanel; Cyberpanel cyberpanel
CPEs                |                | cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*
Vendors & Products  |                | Cyberpanel; Cyberpanel cyberpanel
Metrics             |                | cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Tue, 28 Apr 2026 09:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Usmannasir; Usmannasir cyberpanel
Vendors & Products  |                | Usmannasir; Usmannasir cyberpanel

Mon, 27 Apr 2026 14:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 21:00:00 +0000

Type        | Values Removed | Values Added
Description |                | CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
Title       |                | CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints
Weaknesses  |                | CWE-306
References  |                |
Metrics     |                | cvssV4_0 {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:47:41.253Z

Reserved: 2026-04-20T16:07:47.312Z

Link: CVE-2026-41473

Vulnrichment

Updated: 2026-04-27T13:47:27.592Z

NVD

Status : Analyzed

Published: 2026-04-24T21:16:19.113

Modified: 2026-04-28T15:44:53.820

Link: CVE-2026-41473

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T09:17:44Z

Weaknesses