CVE-2026-41473
Published: 24 April 2026
Summary
CVE-2026-41473 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in CyberPanel. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 48.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised under Other Platforms, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-9 (Service Identification and Authentication).
Deeper analysis
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints. The flaw permits unauthenticated remote attackers to write arbitrary data to the database through requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints, potentially leading to denial of service via storage exhaustion as well as corruption of scan history records and other database fields.
Unauthenticated attackers on the network can exploit the missing authentication checks to inject malicious data, resulting in high impact to integrity and availability as reflected in the CVSS 8.8 score for this CWE-306 issue.
A patch addressing the vulnerability is available in commit 0a099b1b193946555fbdd387a28486b1521f9961, which updates CyberPanel to version 2.4.4. Advisories from VulnCheck and related analyses highlight the unauthenticated API access via the AI Scanner endpoints as the root cause.
Exploitation probability remains low: the EPSS score is 0.0139 and has not increased since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25631
Vulnerability details
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2026-41473 is an authentication bypass in public-facing CyberPanel API endpoints that lets unauthenticated callers perform arbitrary database writes, which maps directly to T1190 (Exploit Public-Facing Application). Those writes enable stored data corruption and pollution (T1565.001) and denial of service via storage exhaustion (T1499.001).
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces authentication and authorization checks on the /api/ai-scanner/* endpoints to block unauthenticated database writes.
- IA-9 (Service Identification and Authentication): requires identification and authentication of the AI Scanner service endpoints before allowing any data-modifying requests.
- Ensures only explicitly authorized principals can reach the webhook and callback endpoints, limiting exposure of the unauthenticated paths.
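As an added illustration of the AC-3 and IA-9 controls above (example code, not CyberPanel's own; the header names, the shared-secret HMAC scheme and the payload shape are assumptions), a status-webhook handler that authenticates the scanner worker before any scan-history write, rejects stale signatures, and caps the payload so a callback cannot exhaust storage:

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Shared secret provisioned out of band to the scanner worker (constructed value).
WEBHOOK_SECRET = b"example-shared-secret-rotate-me"
MAX_BODY_BYTES = 4096      # bound what one callback may write into scan history
MAX_SKEW_SECONDS = 300     # reject replayed or stale signatures
ALLOWED_STATUS = {"queued", "running", "finished", "failed"}


def sign(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    """HMAC-SHA256 over timestamp and body; the worker sends this in a header."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def handle_status_webhook(headers: dict, body: bytes, now: Optional[int] = None) -> tuple:
    """Hypothetical hardened handler for a scanner status callback.

    Returns an HTTP-style (status, reason) pair and never touches storage
    unless the request is authenticated, fresh and well-formed.
    """
    now = int(time.time()) if now is None else now
    # 1. Authentication first: no valid signature, no database write.
    sig = headers.get("X-Scanner-Signature", "")
    ts_raw = headers.get("X-Scanner-Timestamp", "")
    if not sig or not ts_raw.isdigit():
        return 401, "missing signature or timestamp"
    ts = int(ts_raw)
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return 401, "stale timestamp"
    if not hmac.compare_digest(sig.encode(), sign(body, ts).encode()):
        return 401, "bad signature"
    # 2. Bound the payload so even an authenticated worker cannot exhaust storage.
    if len(body) > MAX_BODY_BYTES:
        return 413, "payload too large"
    # 3. Validate shape before persisting; reject unknown fields and status values.
    try:
        data = json.loads(body)
    except ValueError:
        return 400, "invalid json"
    status = data.get("status") if isinstance(data, dict) else None
    if not isinstance(data, dict) or set(data) != {"scan_id", "status"}:
        return 400, "unexpected fields"
    if not isinstance(status, str) or status not in ALLOWED_STATUS:
        return 400, "bad status"
    if not isinstance(data["scan_id"], int) or data["scan_id"] <= 0:
        return 400, "bad scan_id"
    # 4. Only now would the scan-history row be updated (persistence omitted here).
    return 200, "scan %d -> %s" % (data["scan_id"], status)
```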