Aapanel CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-29856	1 Aapanel	1 Aapanel	2026-03-19	7.5 High
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
CVE-2026-29858	1 Aapanel	1 Aapanel	2026-03-19	7.5 High
A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.
CVE-2026-29859	1 Aapanel	1 Aapanel	2026-03-19	9.8 Critical
An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-42922	1 Aapanel	1 Aapanel	2025-06-25	6.5 Medium
AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
CVE-2022-26252	1 Aapanel	1 Aapanel	2024-11-21	6.5 Medium
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
CVE-2021-37840	1 Aapanel	1 Aapanel	2024-11-21	8.8 High
aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).
CVE-2020-14950	1 Aapanel	1 Aapanel	2024-11-21	8.8 High
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.
CVE-2020-14421	1 Aapanel	1 Aapanel	2024-11-21	7.2 High
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

Page 1 of 1.