PatchSiren

usmannasir CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH usmannasir CVE published 2026-04-24

CVE-2026-41473

CVE-2026-41473 is an authentication bypass vulnerability in CyberPanel versions prior to 2.4.4. The vulnerability exists in the AI Scanner worker API endpoints, specifically /api/ai-scanner/status-webhook and /api/ai-scanner/callback. This allows unauthenticated remote attackers to write arbitrary data to the database, potentially leading to denial of service through storage exhaustion, corruption of scan [truncated]

MEDIUM usmannasir CVE published 2026-04-24

CVE-2026-41472

CVE-2026-41472 is a stored cross-site scripting vulnerability in CyberPanel versions prior to 2.4.4. The vulnerability exists in the AI Scanner dashboard and is caused by the POST /api/ai-scanner/callback endpoint lacking authentication, allowing unauthenticated attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records. This vulnerability can lead to remote cod [truncated]