QwikSec

Security Database

CVE

CWE

Training

CVE-2026-41473

Published: Apr 24, 2026

Modified: Apr 27, 2026

PUBLISHED

Description

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.

Vendor	Product	Versions
usmannasir	cyberpanel	affected `0 - < 2.4.4` unaffected `0a099b1b193946555fbdd387a28486b1521f9961`

Weaknesses (CWE)

References

https://itsrez.re/post/cyberpanel-rce

technical-description

exploit

https://github.com/usmannasir/cyberpanel/commit/0a099b1b193946555fbdd387a28486b1521f9961

patch

https://www.vulncheck.com/advisories/cyberpanel-unauthenticated-api-access-via-ai-scanner-endpoints

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.