AI Threat Alert AI Threat Alert

CVE-2026-35175

GHSA-73jv-44c3-j5p2 HIGH
Published April 3, 2026

### Impact An authenticated user (using the `auth_users` plugin authentication method) could install a custom package even if this user is not superuser. ### Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
ajenti-panel pip < 2.2.15 2.2.15

Do you use ajenti-panel? You're affected.

Severity & Risk

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Recommended Action

Patch available

Update ajenti-panel to version 2.2.15

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

### Impact An authenticated user (using the `auth_users` plugin authentication method) could install a custom package even if this user is not superuser. ### Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible.

Weaknesses (CWE)

CWE-862 Missing Authorization Primary

References

Timeline

Published
April 3, 2026
Last Modified
April 3, 2026
First Seen
April 3, 2026
Back to Threat Feed