CVE-2020-37002
9.8 CRITICALAjenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful...
Published: 2026-01-29 · Last updated: 2026-04-15
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-78
Description
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)
- CVE-2026-42853 — ApostropheCMS is an open-source Node.js content management system (6.5 MEDIUM)
- CVE-2026-48165 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-48163 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-44170 — MariaDB server is a community developed fork of MySQL server