CVE 9.3 CRITICAL

Password bypass when 2FA is activated_CVE-2026-40177

April 12, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

AI Analysis

Password bypass vulnerability when 2FA is activated

Basic Information

ID CVE-2026-40177

Source GitHub_M

Published Apr 10, 2026 at 19:29

Affected Product

Vendor ajenti

Product ajenti

Version < 0.112

Affected Versions ajenti ajenti < 0.112

CWE Classification

CWE-287

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Ajenti

Product Ajenti

Version < 0.112

References

github.com /ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v

{
    "lastseen": "",
    "description": "ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.",
    "published": "2026-04-10T19:29:00.851Z",
    "modified": "2026-04-10T19:29:00.851Z",
    "type": "cve",
    "title": "Password bypass when 2FA is activated",
    "source": "GitHub_M",
    "references": "https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v",
    "id": "CVE-2026-40177",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "ajenti ajenti < 0.112",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ajenti",
    "version": "< 0.112",
    "vendor": "ajenti",
    "ai_description": "Password bypass vulnerability when 2FA is activated",
    "ai_severity": "Critical",
    "ai_vendor": "Ajenti",
    "ai_product": "Ajenti",
    "ai_version": "< 0.112",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply