CVE-2026-12196
HestiaCP · HestiaCP
The HestiaCP panel cronjob feature contains a broken access control vulnerability that allows authenticated users to escalate privileges.
Executive summary
HestiaCP versions prior to the commit 8be23943c7e3231f66d226ca931c76f93be98412 contain a broken access control vulnerability allowing for unauthorized administrative actions.
Vulnerability
This vulnerability is categorized as an improper authentication/broken access control issue within the cronjob management feature. An attacker with a low-privileged account can manipulate the cronjob scheduling functionality to perform unauthorized administrative actions, effectively leading to full panel takeover.
Business impact
The CVSS score of 8.3 reflects the significant danger of administrative takeover. A successful exploit allows an attacker to gain full control over the HestiaCP panel, enabling them to compromise hosted websites, modify server configurations, and access sensitive user data, leading to severe reputational and operational damage.
Remediation
Immediate Action: Update HestiaCP to the latest version or apply the specific patch referenced in the vendor's repository (commit 8be23943c7e3231f66d226ca931c76f93be98412).
Proactive Monitoring: Audit existing cronjobs for unauthorized entries and monitor server access logs for anomalous requests directed at the panel's management interface.
Compensating Controls: Restrict access to the HestiaCP administration panel to trusted IP addresses only and enforce multi-factor authentication (MFA) where available.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Privilege escalation vulnerabilities in control panels are critical. Administrators must apply the provided patch or upgrade immediately to prevent attackers from seizing administrative control of the server environment.