GHSA-73jv-44c3-j5p2

Source
https://github.com/advisories/GHSA-73jv-44c3-j5p2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-73jv-44c3-j5p2/GHSA-73jv-44c3-j5p2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-73jv-44c3-j5p2
Aliases
  • CVE-2026-35175
Published
2026-04-03T03:57:43Z
Modified
2026-04-03T04:05:12.322949Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L
Summary
Ajenti has an authorization bypass during custom package installation
Details

Impact

An authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not a superuser.

Patches

This is fixed in version 2.2.15. Users should upgrade to this version as soon as possible.

Database specific
{
    "cwe_ids": [
        "CWE-862"
    ],
    "github_reviewed": true,
    "nvd_published_at": null,
    "severity": "HIGH",
    "github_reviewed_at": "2026-04-03T03:57:43Z"
}
References

Affected packages

PyPI / ajenti-panel

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.15

Affected versions

0.*
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.23
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
2.*
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.66
2.0.67
2.0.68
2.0.69
2.0.70
2.0.71
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.1.21
2.1.22
2.1.23
2.1.24
2.1.25
2.1.26
2.1.27
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37
2.1.38
2.1.39
2.1.40
2.1.42
2.1.43
2.1.44
2.2.0
2.2.1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.2.13

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-73jv-44c3-j5p2/GHSA-73jv-44c3-j5p2.json"