PYSEC-2026-266

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ajenti-plugin-core/PYSEC-2026-266.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-266
Aliases
Published
2026-06-29T11:50:45.705669Z
Modified
2026-07-01T20:22:47.930750Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
  • 9.1 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
ajenti.plugin.core has password bypass when 2FA is activated
Details

Impact

If the 2FA was activated, it was possible to bypass the password authentication

Patches

This is fixed in the version 0.112. Users should upgrade to this version as soon as possible.

References

Affected packages

PyPI / ajenti-plugin-core

Package

Name
ajenti-plugin-core
View open source insights on deps.dev
Purl
pkg:pypi/ajenti-plugin-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.112

Affected versions

0.*
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.23
0.24
0.25
0.27
0.28
0.30
0.31
0.32
0.33
0.34
0.35
0.36
0.37
0.38
0.39
0.40
0.41
0.42
0.43
0.45
0.46
0.47
0.48
0.49
0.50
0.51
0.52
0.54
0.56
0.57
0.59
0.60
0.61
0.62
0.63
0.64
0.65
0.66
0.67
0.68
0.69
0.71
0.72
0.73
0.74
0.75
0.76
0.78
0.79
0.80
0.81
0.82
0.83
0.84
0.85
0.86
0.87
0.88
0.89
0.90
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99
0.100
0.101
0.102
0.103
0.104
0.105
0.106
0.107
0.108
0.109
0.110
0.111

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ajenti-plugin-core/PYSEC-2026-266.yaml"