Vulnerability Description
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard: the POST /api/ai-scanner/callback endpoint lacks authentication, so an unauthenticated attacker can overwrite the findings_json field of ScanHistory records with malicious JavaScript. That JavaScript executes in an administrator's authenticated session when the administrator visits the AI Scanner dashboard, allowing the attacker to issue same-origin requests that plant cron jobs and achieve remote code execution on the server.
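The two defects the description names, an unauthenticated callback that writes attacker-controlled data and a dashboard that renders that data unescaped, shown as an added illustration. This is not CyberPanel's code: the in-memory SCAN_HISTORY table, the CALLBACK_TOKEN secret and all function names are constructed for the example, and the hardened variant uses a shared-secret token check plus schema validation and output escaping.

```python
import hmac
import html
import json

# Constructed stand-in for a ScanHistory table; not CyberPanel's model.
SCAN_HISTORY = {42: {"findings_json": "[]"}}

# Hypothetical per-deployment secret the scanner backend must present.
CALLBACK_TOKEN = "example-callback-secret"  # constructed placeholder


def callback_vulnerable(scan_id, body):
    """The pattern the advisory describes: no caller check, payload stored verbatim."""
    SCAN_HISTORY[scan_id]["findings_json"] = body["findings_json"]
    return 200


def callback_hardened(scan_id, body, presented_token):
    """Require a shared-secret token, validate the payload shape, then store it."""
    if presented_token is None or not hmac.compare_digest(presented_token, CALLBACK_TOKEN):
        return 401  # reject unauthenticated writes before touching the record
    if scan_id not in SCAN_HISTORY:
        return 404
    try:
        findings = json.loads(body["findings_json"])
    except (KeyError, TypeError, ValueError):
        return 400  # malformed or missing findings_json
    if not isinstance(findings, list) or not all(isinstance(f, dict) for f in findings):
        return 400  # only a list of finding objects is acceptable
    SCAN_HISTORY[scan_id]["findings_json"] = json.dumps(findings)
    return 200


def render_findings_unsafe(scan_id):
    """Dashboard rendering that trusts stored data: the stored-XSS sink."""
    rows = json.loads(SCAN_HISTORY[scan_id]["findings_json"])
    return "".join(f"<tr><td>{f.get('title', '')}</td></tr>" for f in rows)


def render_findings_safe(scan_id):
    """Escape every stored value before it reaches the administrator's page."""
    rows = json.loads(SCAN_HISTORY[scan_id]["findings_json"])
    return "".join(
        f"<tr><td>{html.escape(str(f.get('title', '')), quote=True)}</td></tr>"
        for f in rows
    )
```

Even with the callback authenticated, the renderer must still escape: the token protects the write path, the escaping protects the administrator's session if any other write path is ever abused.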
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyberpanel | Cyberpanel | < 2.4.4 |
Related Weaknesses (CWE)
References
- https://github.com/usmannasir/cyberpanel/commit/0a099b1b193946555fbdd387a28486b1 (Patch)
- https://itsrez.re/post/cyberpanel-rce (Exploit, Mitigation, Third Party Advisory)
- https://www.vulncheck.com/advisories/cyberpanel-stored-xss-via-ai-scanner-dashbo (Third Party Advisory)
FAQ
What is CVE-2026-41472?
CVE-2026-41472 is a vulnerability with a CVSS score of 6.1 (MEDIUM). CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unau...
How severe is CVE-2026-41472?
CVE-2026-41472 has been rated MEDIUM with a CVSS base score of 6.1/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2026-41472?
Check the References section above for the vendor patch commit and third-party advisories. Affected product: Cyberpanel (vendor: Cyberpanel), versions prior to 2.4.4.