CVE-2026-41473

Name: CVE-2026-41473
Creator: NVD / NIST
Published: 2026-04-24T21:16:19.113+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.77%

Last modified Jun 17, 2026

CVE-2026-41473 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.

Description

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS 4.0

8.8/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.77%

51.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

Affected Software

Vendor	Product	Versions
Cyberpanel	Cyberpanel	< 2.4.4

References

https://github.com/usmannasir/cyberpanel/commit/0a099b1b193946555fbdd387a28486b1521f9961Patch
https://itsrez.re/post/cyberpanel-rceExploit, Mitigation, Third Party Advisory
https://www.vulncheck.com/advisories/cyberpanel-unauthenticated-api-access-via-ai-scanner-endpointsThird Party Advisory

Timeline

Published: Apr 24, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-41473?

How severe is CVE-2026-41473?

CVE-2026-41473 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.77% probability of exploitation in the next 30 days.

How do I fix CVE-2026-41473?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-41473?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST