CVE-2026-12195

Source
https://cve.org/CVERecord?id=CVE-2026-12195
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12195.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-12195
Published
2026-07-04T11:33:27.032Z
Modified
2026-07-15T01:49:17.719774105Z
Severity
  • 8.5 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H CVSS Calculator
Summary
[none]
Details

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.

Database specific
{
    "cna_assigner": "PRJBLK",
    "cwe_ids": [
        "CWE-78"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "95d7e43bf286d6881ca753dac93cb42d98cc7422"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12195.json"
}
References

Affected packages

Git / github.com/myvesta/vesta

Affected ranges

Type
GIT
Repo
https://github.com/myvesta/vesta
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

0.*
0.9.8-10
0.9.8-11
0.9.8-12
0.9.8-13
0.9.8-15
0.9.8-16
0.9.8-18
0.9.8-19
0.9.8-26-25
0.9.8-26-29
0.9.8-26-31
0.9.8-26-33
0.9.8-26-35
0.9.8-26-36
0.9.8-26-37
0.9.8-26-38
0.9.8-26-39
0.9.8-26-43
0.9.8-26-44
0.9.8-26-45
0.9.8-26-47
0.9.8-26-48
0.9.8-26-49
0.9.8-26-50
0.9.8-26-51
0.9.8-26-52
0.9.8-26-54
0.9.8-26-55
0.9.8-26-56
0.9.8-26-57
0.9.8-26-58
0.9.8-26-60
0.9.8-26-61
0.9.8-26-62
0.9.9-0
0.9.9-0-11
0.9.9-0-12
0.9.9-0-13
0.9.9-0-15
0.9.9-0-16
0.9.9-0-3
0.9.9-0-4
0.9.9-0-5
0.9.9-0-6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12195.json"