CVE-2026-29858 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: March 19, 2026
aaPanel - Local File Inclusion
Published: March 18, 2026Updated: March 19, 2026PoC AvailableRemote Exploitable
Overview
aaPanel v7.57.0 contains a local file inclusion vulnerability caused by lack of path validation, letting attackers expose sensitive information, exploit requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 7.5
EPSS Score: 2.9%(Probability of exploitation in next 30 days)
Impact
Attackers can include local files, potentially exposing sensitive information.
Mitigation
Update to the latest version of aaPanel.
References
Social Media Activity(1 post)
TheHackerWire
@thehackerwire
š CVE-2026-29858 - High (7.5) A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure. š https://www.thehackerwire.com/vulnerability/CVE-2026-29858/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-29858
- Severity
- High
- CVSS Score
- 7.5
- Type
- file_inclusion
- Status
- confirmed
- EPSS
- 2.9%
- Social Posts
- 1
CWE
- CWE-98
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
2.9%Probability of exploitation in the next 30 days