CVE-2026-41473: CWE-306 Missing Authentication for Critical Function in usmannasir cyberpanel
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
AI Analysis
Technical Summary
CVE-2026-41473 is an authentication bypass vulnerability affecting CyberPanel versions prior to 2.4.4. The issue resides in the AI Scanner worker API endpoints, specifically /api/ai-scanner/status-webhook and /api/ai-scanner/callback, which lack proper authentication checks. This allows unauthenticated remote attackers to write arbitrary data to the backend database. The vulnerability can be exploited to cause denial of service through storage exhaustion, corrupt scan history data, and inject malicious data into database fields. The CVSS 4.0 base score is 8.8, reflecting network attack vector, no privileges required, no user interaction, and high impact on integrity and availability. No patch or official remediation level has been disclosed by the vendor as of the publication date.
Potential Impact
Successful exploitation allows unauthenticated attackers to write arbitrary data to the CyberPanel database via vulnerable API endpoints. This can result in denial of service through storage exhaustion, corruption of scan history records, and pollution of database fields with malicious data, impacting the integrity and availability of the affected system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected API endpoints (/api/ai-scanner/status-webhook and /api/ai-scanner/callback) through network controls or firewall rules to prevent unauthenticated access. Monitor for unusual activity targeting these endpoints and consider disabling the AI Scanner feature if feasible.
CVE-2026-41473: CWE-306 Missing Authentication for Critical Function in usmannasir cyberpanel
Description
CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback endpoints. Attackers can exploit the lack of authentication checks to cause denial of service through storage exhaustion, corrupt scan history records, and pollute database fields with malicious data.
CVSS v4.0
Score 8.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41473 is an authentication bypass vulnerability affecting CyberPanel versions prior to 2.4.4. The issue resides in the AI Scanner worker API endpoints, specifically /api/ai-scanner/status-webhook and /api/ai-scanner/callback, which lack proper authentication checks. This allows unauthenticated remote attackers to write arbitrary data to the backend database. The vulnerability can be exploited to cause denial of service through storage exhaustion, corrupt scan history data, and inject malicious data into database fields. The CVSS 4.0 base score is 8.8, reflecting network attack vector, no privileges required, no user interaction, and high impact on integrity and availability. No patch or official remediation level has been disclosed by the vendor as of the publication date.
Potential Impact
Successful exploitation allows unauthenticated attackers to write arbitrary data to the CyberPanel database via vulnerable API endpoints. This can result in denial of service through storage exhaustion, corruption of scan history records, and pollution of database fields with malicious data, impacting the integrity and availability of the affected system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected API endpoints (/api/ai-scanner/status-webhook and /api/ai-scanner/callback) through network controls or firewall rules to prevent unauthenticated access. Monitor for unusual activity targeting these endpoints and consider disabling the AI Scanner feature if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-20T16:07:47.312Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ebdb3b87115cfb687367da
Added to database: 4/24/2026, 9:06:03 PM
Last enriched: 5/2/2026, 7:31:32 AM
Last updated: 6/8/2026, 5:02:27 PM
Views: 90
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.