CVE-2026-27975
Published: 26 February 2026
Summary
CVE-2026-27975 is a high-severity Improper Access Control (CWE-284) vulnerability in Ajenti. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-27975 is a critical vulnerability in Ajenti, a modular server admin panel for Linux and BSD systems. In versions prior to 2.2.13, it enables an unauthenticated user to gain access to the server and execute arbitrary code. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-284 (Improper Access Control), with additional NVD-CWE-noinfo classification.
An attacker requires only network access to the Ajenti instance, with no authentication, privileges, or user interaction needed, and low attack complexity. Exploitation allows remote arbitrary code execution on the server, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.
The vulnerability is addressed in Ajenti version 2.2.13. Administrators should upgrade to this version or later for mitigation. Detailed information is available in the GitHub security advisory at https://github.com/ajenti/ajenti/security/advisories/GHSA-vcw3-r3fx-j444 and the release notes at https://github.com/ajenti/ajenti/releases/tag/v2.2.13.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8832
Vulnerability details
Ajenti is a Linux and BSD modular server admin panel. Prior to version 2.2.13, an unauthenticated user could gain access to a server and execute arbitrary code on it. This is fixed in version 2.2.13.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct unauthenticated RCE in a public-facing admin panel (Ajenti) maps exactly to T1190 Exploit Public-Facing Application; no other technique is directly enabled by the described improper-access-control flaw.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Timely flaw remediation by upgrading Ajenti to version 2.2.13 or later directly eliminates the specific vulnerability enabling unauthenticated remote code execution.
AC-3 (Access Enforcement): Enforces approved authorizations for logical access to system resources, directly addressing the improper access control (CWE-284) that permitted unauthenticated arbitrary code execution.
AC-14 (Permitted Actions Without Identification or Authentication): Explicitly defines and restricts the actions allowable without identification or authentication, preventing the broad unauthenticated access that leads to remote code execution on the Ajenti server.