Cyber Resilience

CVE-2026-41473

Severity: High · Public PoC referenced

Published: 24 April 2026
Modified: 28 April 2026
KEV Added: not listed
Patch: available (CyberPanel 2.4.4)
CVSS v4 score: 8.8 (High), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics not defined)
EPSS score: 0.0077 (51.2nd percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-41473 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in CyberPanel (vendor: CyberPanel). Its CVSS v4 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 48.8% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is classified as AI-related because the affected component is CyberPanel's AI Scanner; the AI category is Other Platforms and the risk domain is Supply Chain and Deployment.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-9 (Service Identification and Authentication).

Deeper analysis

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints. The flaw permits unauthenticated remote attackers to write arbitrary data to the database through requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints, potentially leading to denial of service via storage exhaustion as well as corruption of scan history records and other database fields.

Remote, unauthenticated attackers can exploit the missing authentication checks to inject arbitrary data. The CVSS 8.8 score for this CWE-306 issue reflects high impact to integrity and availability with no impact to confidentiality (VC:N): the endpoints accept writes, they do not disclose data.

A patch addressing the vulnerability is available in commit 0a099b1b193946555fbdd387a28486b1521f9961, which updates CyberPanel to version 2.4.4. Advisories from VulnCheck and related analyses highlight the unauthenticated API access via the AI Scanner endpoints as the root cause.

The exploitation probability remains low: the EPSS score of 0.0139 has not increased since disclosure.

Vulnerability details

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.

CWE(s)

CWE-306 Missing Authentication for Critical Function

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keyword "ai"

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1565.001 Stored Data Manipulation (Impact): Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1499.001 OS Exhaustion Flood (Impact): Adversaries may launch a denial of service (DoS) attack targeting an endpoint's operating system (OS).
Why these techniques?

CVE-2026-41473 is a missing-authentication flaw in public-facing CyberPanel API endpoints that enables arbitrary database writes, which maps directly to T1190 (Exploit Public-Facing Application). The writes allow stored data corruption and pollution (T1565.001) and denial of service through storage exhaustion (T1499.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
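The following is an added detection example for the T1190 / T1499.001 pattern above; it is not from the page, the advisory, or the CyberPanel project. It runs over web-server access logs and reports successful POSTs to the AI Scanner webhook and callback paths from any source other than the legitimate scanner worker, plus bursts of such writes from one source (the storage-exhaustion case). It assumes combined log format and that genuine callbacks come from a known worker address range; the log lines and the range are constructed for the example.

```python
"""Added detection example; not from the page, the advisory, or CyberPanel.
Flags successful POSTs to the AI Scanner webhook/callback paths from sources
outside a trusted worker range, and bursts of such writes from one source.
Assumptions: combined log format; a known worker range. Log lines are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

WATCHED_PATHS = {"/api/ai-scanner/status-webhook", "/api/ai-scanner/callback"}
TRUSTED_WORKERS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption
BURST_THRESHOLD = 5      # successful writes from one source per window
WINDOW_SECONDS = 60

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one legitimate worker callback, six unauthenticated
# writes from an outside host, one request rejected with 401, one unrelated GET.
SAMPLE_LOG = """\
10.20.0.7 - - [25/Apr/2026:10:00:01 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 17
203.0.113.9 - - [25/Apr/2026:10:00:05 +0000] "POST /api/ai-scanner/status-webhook HTTP/1.1" 200 17
203.0.113.9 - - [25/Apr/2026:10:00:06 +0000] "POST /api/ai-scanner/status-webhook HTTP/1.1" 200 17
203.0.113.9 - - [25/Apr/2026:10:00:07 +0000] "POST /api/ai-scanner/status-webhook HTTP/1.1" 200 17
203.0.113.9 - - [25/Apr/2026:10:00:08 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 17
203.0.113.9 - - [25/Apr/2026:10:00:09 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 17
203.0.113.9 - - [25/Apr/2026:10:00:10 +0000] "POST /api/ai-scanner/status-webhook?x=1 HTTP/1.1" 200 17
198.51.100.4 - - [25/Apr/2026:10:00:12 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 401 0
203.0.113.9 - - [25/Apr/2026:10:00:13 +0000] "GET / HTTP/1.1" 200 512
"""


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop query string before matching
        "status": int(m["status"]),
    }


def analyse(log_text):
    """Return (untrusted_writes, bursts).

    untrusted_writes: (ip, path, iso_time) for each successful POST to a
    watched path from outside TRUSTED_WORKERS; one hit is already a finding
    on an unpatched host. bursts: ip -> largest number of successful writes
    seen within WINDOW_SECONDS, for sources at or above BURST_THRESHOLD."""
    untrusted = []
    per_source = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["method"] != "POST" or ev["path"] not in WATCHED_PATHS:
            continue
        if not 200 <= ev["status"] < 300:
            continue  # rejected requests did not write anything
        try:
            trusted = any(ipaddress.ip_address(ev["ip"]) in net for net in TRUSTED_WORKERS)
        except ValueError:
            trusted = False  # unparsable source field: treat as untrusted
        if not trusted:
            untrusted.append((ev["ip"], ev["path"], ev["ts"].isoformat()))
        per_source[ev["ip"]].append(ev["ts"])
    bursts = {}
    for ip, times in per_source.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > WINDOW_SECONDS:
                start += 1
            count = end - start + 1
            if count >= BURST_THRESHOLD:
                bursts[ip] = max(bursts.get(ip, 0), count)
    return untrusted, bursts


if __name__ == "__main__":
    writes, flood = analyse(SAMPLE_LOG)
    print(f"{len(writes)} untrusted writes; burst sources: {flood}")
```

On a patched host every entry from an untrusted source should be a 401 and therefore absent from both results; on an unpatched host a single 2xx from outside the worker range is enough to warrant a look at the scan-history table.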

CVEs Like This One

CVE-2026-27584 (shared CWE-306)
CVE-2026-0545 (shared CWE-306)
CVE-2025-8861 (shared CWE-306)
CVE-2025-61956 (shared CWE-306)
CVE-2026-1019 (shared CWE-306)
CVE-2026-4810 (shared CWE-306)
CVE-2026-32211 (shared CWE-306)
CVE-2025-53847 (shared CWE-306)
CVE-2025-61757 (shared CWE-306)
CVE-2025-68715 (shared CWE-306)

Affected Assets

Vendor: cyberpanel
Product: cyberpanel
Affected versions: prior to 2.4.4 (the page's version table shows "≤ 2.4.4", but the advisory text and the fixing commit identify 2.4.4 as the patched release)

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Directly enforces authentication and authorization checks on the /api/ai-scanner/* endpoints to block unauthenticated database writes.

IA-9 Service Identification and Authentication (prevent): Requires identification and authentication of the AI Scanner service endpoints before allowing any data-modifying requests.

Unnamed control (prevent): Ensures only explicitly authorized principals can reach the webhook and callback endpoints, limiting exposure of the unauthenticated paths.
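The following is an added illustrative example of the flaw class described in the Deeper analysis section and of the AC-3 / IA-9 controls listed above; it is not CyberPanel's handler and not the project's code. It places a scan-status webhook that writes whatever it receives next to a hardened version that requires the calling worker to present an HMAC over the body, bounds the body size, and writes only whitelisted, validated fields. The endpoint, header and payload names, the store, and the shared-secret scheme are assumptions for the example.

```python
"""Added illustrative example; not CyberPanel code. Models a CWE-306
webhook/callback handler beside a hardened one. Header names, payload
fields, size limits and the HMAC scheme are assumptions."""
import hashlib
import hmac
import json
import re
import time

MAX_BODY_BYTES = 4096          # assumption: a status update is small
MAX_CLOCK_SKEW = 300           # seconds; bounds replay of captured requests
ALLOWED_STATUS = {"queued", "running", "completed", "failed"}
SCAN_ID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")


class ScanStore:
    """In-memory stand-in for the scan-history table."""

    def __init__(self):
        self.rows = {}

    def upsert(self, scan_id, fields):
        self.rows.setdefault(scan_id, {}).update(fields)


def vulnerable_status_webhook(store, headers, body):
    """The flaw class: no caller authentication, no validation. Every field
    of the posted JSON lands in the database, so any remote sender can
    pollute scan history or fill storage with large records."""
    data = json.loads(body)
    store.upsert(data["scan_id"], data)
    return 200


def sign(secret, timestamp, body):
    """HMAC-SHA256 over '<timestamp>.<body>' with the shared worker secret."""
    msg = f"{timestamp}.".encode() + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def hardened_status_webhook(store, headers, body, secret, now=None):
    """Returns an HTTP-style status; writes only after the caller is
    authenticated (IA-9) and the payload passes validation (AC-3)."""
    now = time.time() if now is None else now
    if len(body) > MAX_BODY_BYTES:
        return 413                      # oversized bodies never reach the parser
    ts = headers.get("X-Scanner-Timestamp", "")
    sig = headers.get("X-Scanner-Signature", "")
    if not ts.isdigit() or abs(now - int(ts)) > MAX_CLOCK_SKEW:
        return 401                      # missing or stale timestamp
    if not hmac.compare_digest(sign(secret, ts, body), sig):
        return 401                      # constant-time signature check
    try:
        data = json.loads(body)
    except ValueError:
        return 400
    if not isinstance(data, dict):
        return 400
    scan_id, status = data.get("scan_id"), data.get("status")
    if not (isinstance(scan_id, str) and SCAN_ID_RE.fullmatch(scan_id)):
        return 400
    if not isinstance(status, str) or status not in ALLOWED_STATUS:
        return 400
    # Only whitelisted columns are written; unexpected keys are dropped.
    store.upsert(scan_id, {"status": status})
    return 200


if __name__ == "__main__":
    secret = b"worker-shared-secret"           # assumption: provisioned to the worker
    body = b'{"scan_id": "scan-42", "status": "completed", "junk": "xxxx"}'
    ts = str(int(time.time()))
    hdrs = {"X-Scanner-Timestamp": ts, "X-Scanner-Signature": sign(secret, ts, body)}
    store = ScanStore()
    print(hardened_status_webhook(store, hdrs, body, secret), store.rows)
    print(hardened_status_webhook(store, {}, body, secret))
```

The authentication step is what closes the CWE-306 gap; the size bound and field whitelist address the two impacts the advisory names (storage exhaustion and polluted scan-history fields) even if a worker credential is later leaked.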
