CVE-2026-27975

Severity: High
Published: 26 February 2026
Modified: 02 March 2026
CVSS Score (v4): 8.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0053 (40.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-27975 is a high-severity Improper Access Control (CWE-284) vulnerability in Ajenti. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 40.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-27975 is a critical vulnerability in Ajenti, a modular server admin panel for Linux and BSD systems. In versions prior to 2.2.13, it enables an unauthenticated user to gain access to the server and execute arbitrary code. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-284 (Improper Access Control), with additional NVD-CWE-noinfo classification.

An attacker requires only network access to the Ajenti instance, with no authentication, privileges, or user interaction needed, and low attack complexity. Exploitation allows remote arbitrary code execution on the server, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full system compromise.

The vulnerability is addressed in Ajenti version 2.2.13. Administrators should upgrade to this version or later for mitigation. Detailed information is available in the GitHub security advisory at https://github.com/ajenti/ajenti/security/advisories/GHSA-vcw3-r3fx-j444 and the release notes at https://github.com/ajenti/ajenti/releases/tag/v2.2.13.

Vulnerability details

Ajenti is a modular server admin panel for Linux and BSD. Prior to version 2.2.13, an unauthenticated user could gain access to a server and execute arbitrary code on it. This is fixed in version 2.2.13.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated RCE in a public-facing admin panel (Ajenti) maps exactly to T1190 Exploit Public-Facing Application; no other technique is directly enabled by the described improper-access-control flaw.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40177 (same vendor: Ajenti)
CVE-2026-7198 (shared CWE-284)
CVE-2026-46818 (shared CWE-284)
CVE-2025-70363 (shared CWE-284)
CVE-2026-34310 (shared CWE-284)
CVE-2026-46839 (shared CWE-284)
CVE-2026-34287 (shared CWE-284)
CVE-2026-44277 (shared CWE-284)
CVE-2025-66509 (shared CWE-284)
CVE-2025-50900 (shared CWE-284)

Affected Assets

Vendor: ajenti
Product: ajenti
Versions: ≤ 2.2.13

Mitigating Controls (NIST 800-53 r5, AI)

Flaw remediation (prevent): Timely flaw remediation by upgrading Ajenti to version 2.2.13 or later directly eliminates the specific vulnerability enabling unauthenticated remote code execution.

AC-3 Access Enforcement (prevent): Enforces approved authorizations for logical access to system resources, directly addressing the improper access control (CWE-284) that permitted unauthenticated arbitrary code execution.

AC-14 Permitted Actions Without Identification or Authentication (prevent): Explicitly defines and restricts the actions allowable without identification or authentication, preventing the broad unauthenticated access that leads to remote code execution on the Ajenti server.