CVE-2026-35175 Linux — Exploit & Vulnerability Details HIGH

CVE-2026-35175

HIGH CVSS 4.0: 7.2 EPSS 0.02%

Parameter	Value
CVSS	7.2 (HIGH)
Fixed In	2.2.15
Type	CWE-862 (Missing Authorization)
Vendor	Linux
Public PoC	No

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-862 Missing Authorization

References 2

https://github.com/ajenti/ajenti/releases/tag/v2.2.15

security-advisories@github.com

https://github.com/ajenti/ajenti/security/advisories/GHSA-73jv-44c3-j5p2

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40253

Linux

6.8

CVE-2026-41035

Linux

7.4

CVE-2026-40245

Linux

7.5

CVE-2026-6328

Linux

8.3

CVE-2026-39418

Linux

5.0

Menu

CVE-2026-35175

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-40253

CVE-2026-41035

CVE-2026-40245

CVE-2026-6328

CVE-2026-39418

CVE Details

Editor's Choice

Menu

CVE-2026-35175

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-40253

CVE-2026-41035

CVE-2026-40245

CVE-2026-6328

CVE-2026-39418

CVE Details

Editor's Choice

Stay informed on cybersecurity