CVE-2026-41473: CWE-306 Missing Authentication for Critical Function in usmannasir cyberpanel
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
AI Analysis
Technical Summary
CVE-2026-41473 is an authentication bypass vulnerability affecting CyberPanel versions before 2.4.4. It impacts the AI Scanner worker API endpoints, specifically /api/ai-scanner/status-webhook and /api/ai-scanner/callback, which lack proper authentication checks. This allows unauthenticated attackers to write arbitrary data to the backend database. The vulnerability can be exploited to cause denial of service through storage exhaustion, corrupt scan history, and inject malicious data into database fields. The CVSS 4.0 base score is 8.8, reflecting network attack vector, no required privileges or user interaction, and high impact on integrity and availability. No official fix or patch has been documented at this time.
Potential Impact
Successful exploitation enables unauthenticated remote attackers to write arbitrary data to the CyberPanel database via vulnerable API endpoints. This can result in denial of service conditions caused by storage exhaustion, corruption of scan history records, and contamination of database fields with malicious data. The integrity and availability of the affected system are significantly impacted. There are no reports of active exploitation in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the vulnerable API endpoints if possible, such as by network-level controls or firewall rules. Monitor for unusual activity targeting the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Avoid exposing these endpoints to untrusted networks.
CVE-2026-41473: CWE-306 Missing Authentication for Critical Function in usmannasir cyberpanel
Description
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41473 is an authentication bypass vulnerability affecting CyberPanel versions before 2.4.4. It impacts the AI Scanner worker API endpoints, specifically /api/ai-scanner/status-webhook and /api/ai-scanner/callback, which lack proper authentication checks. This allows unauthenticated attackers to write arbitrary data to the backend database. The vulnerability can be exploited to cause denial of service through storage exhaustion, corrupt scan history, and inject malicious data into database fields. The CVSS 4.0 base score is 8.8, reflecting network attack vector, no required privileges or user interaction, and high impact on integrity and availability. No official fix or patch has been documented at this time.
Potential Impact
Successful exploitation enables unauthenticated remote attackers to write arbitrary data to the CyberPanel database via vulnerable API endpoints. This can result in denial of service conditions caused by storage exhaustion, corruption of scan history records, and contamination of database fields with malicious data. The integrity and availability of the affected system are significantly impacted. There are no reports of active exploitation in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the vulnerable API endpoints if possible, such as by network-level controls or firewall rules. Monitor for unusual activity targeting the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Avoid exposing these endpoints to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-20T16:07:47.312Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ebdb3b87115cfb687367da
Added to database: 4/24/2026, 9:06:03 PM
Last enriched: 4/24/2026, 9:21:01 PM
Last updated: 4/24/2026, 10:48:02 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.