CVE-2026-27975
Remote Code Execution in Ajenti Server Admin Panel (Pre
Publication date: 2026-02-26
Last updated on: 2026-03-02
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ajenti | ajenti | up to 2.2.13 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27975 is a critical Remote Code Execution vulnerability in Ajenti versions prior to 2.2.13.
This flaw allows an unauthenticated attacker to gain access to the server and execute arbitrary code remotely.
The issue has been fixed in Ajenti version 2.2.13.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can remotely execute arbitrary code on your server without any authentication.
This can lead to full compromise of the affected server, including unauthorized access, data theft, service disruption, or further attacks within your network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-27975 vulnerability in Ajenti, you should immediately upgrade Ajenti to version 2.2.13 or later.
This update includes important security fixes such as enhanced validation checks on HTTP headers and improvements in cache management, which prevent unauthorized remote code execution.
Applying this update will close the critical security gap that allows unauthenticated users to execute arbitrary code on the server.