Cyber Posture

CVE-2026-41473

Critical · Public PoC

Published: 24 April 2026
Modified: 28 April 2026
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0072 (72.5th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Description

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Enforces approved authorizations for logical access, directly preventing unauthenticated attackers from writing arbitrary data to the database via exposed AI Scanner API endpoints.

prevent · detect

Explicitly identifies and monitors actions permitted without identification or authentication, ensuring endpoints like /api/ai-scanner/status-webhook and /api/ai-scanner/callback are not inadvertently exposed.

prevent

Validates and sanitizes inputs to API endpoints, blocking malicious data writes that could cause database corruption or storage exhaustion even if authentication is bypassed.
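
A log review for the monitoring control above, as an added example that is not CyberPanel's code or part of the original page: it groups requests to the two AI Scanner worker endpoints by client address and lists the sources whose requests the server accepted. The Combined Log Format, the constructed sample lines, the trusted worker address and the function names are assumptions.

```python
import re
from collections import defaultdict

# Endpoint paths named in the CVE description.
WORKER_PATHS = ("/api/ai-scanner/status-webhook", "/api/ai-scanner/callback")

# Assumption: the front end writes Combined Log Format; adjust for your server.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [25/Apr/2026:10:00:01 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 45 "-" "-"',
    '203.0.113.7 - - [25/Apr/2026:10:00:02 +0000] "POST /api/ai-scanner/status-webhook?x=1 HTTP/1.1" 200 45 "-" "-"',
    '198.51.100.20 - - [25/Apr/2026:10:01:00 +0000] "POST /api/ai-scanner/callback/ HTTP/1.1" 403 12 "-" "-"',
    '192.0.2.10 - - [25/Apr/2026:10:02:00 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 45 "-" "-"',
    '198.51.100.20 - - [25/Apr/2026:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

def worker_hits(lines, trusted=frozenset()):
    """Per-client summary of requests to the worker endpoints, skipping trusted sources."""
    hits = defaultdict(lambda: {"count": 0, "accepted": 0, "paths": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than guess
        # Drop the query string and a trailing slash before comparing paths.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path not in WORKER_PATHS or m["ip"] in trusted:
            continue
        rec = hits[m["ip"]]
        rec["count"] += 1
        rec["paths"].add(path)
        # Assumption: a 2xx status means the server accepted the request.
        if m["status"].startswith("2"):
            rec["accepted"] += 1
    return dict(hits)

def needs_review(hits, min_accepted=1):
    """Client addresses with at least min_accepted accepted worker-endpoint requests."""
    return sorted(ip for ip, r in hits.items() if r["accepted"] >= min_accepted)

if __name__ == "__main__":
    summary = worker_hits(SAMPLE, trusted={"192.0.2.10"})  # hypothetical worker address
    for ip in needs_review(summary):
        print(ip, summary[ip]["accepted"], sorted(summary[ip]["paths"]))
```
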

Security Summary · AI

CVE-2026-41473 is an authentication bypass vulnerability (CWE-306) in CyberPanel versions prior to 2.4.4. The flaw exists in the AI Scanner worker API endpoints, specifically /api/ai-scanner/status-webhook and /api/ai-scanner/callback, which lack authentication checks. This allows unauthenticated remote attackers to write arbitrary data directly to the database.

Unauthenticated attackers with network access can exploit the vulnerability by sending crafted requests to the affected endpoints. Exploitation enables denial of service via database storage exhaustion, corruption of scan history records, and pollution of database fields with malicious data. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), highlighting critical integrity and availability impacts without confidentiality loss.

Mitigation is provided in CyberPanel 2.4.4, as evidenced by the fixing commit at https://github.com/usmannasir/cyberpanel/commit/0a099b1b193946555fbdd387a28486b1521f9961. Further details on the vulnerability and exploitation are documented in the VulnCheck advisory at https://www.vulncheck.com/advisories/cyberpanel-unauthenticated-api-access-via-ai-scanner-endpoints and a technical analysis at https://itsrez.re/post/cyberpanel-rce.

Details

CWE(s)

Affected Products

cyberpanel
cyberpanel
≤ 2.4.4

AI Security Analysis · AI

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: ai, ai, ai

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1499.001 OS Exhaustion Flood (Impact)
Adversaries may launch a denial of service (DoS) attack targeting an endpoint's operating system (OS).

Why these techniques?

CVE-2026-41473 is an authentication bypass in public-facing CyberPanel API endpoints that lets unauthenticated attackers write arbitrary data to the database, which maps directly to T1190 (Exploit Public-Facing Application). Those writes allow stored data corruption and pollution (T1565.001) and DoS via storage exhaustion (T1499.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
