CVE-2026-29859 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 19, 2026
aaPanel - Unrestricted File Upload
Published: March 18, 2026Updated: March 19, 2026Remote Exploitable
Overview
aaPanel v7.57.0 contains an unrestricted file upload vulnerability caused by improper validation of uploaded files, letting attackers execute arbitrary code by uploading crafted files, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can execute arbitrary code remotely by uploading malicious files, potentially leading to full system compromise.
Mitigation
Update to the latest version of aaPanel.
References
Related Resources
Details
- CVE ID
- CVE-2026-29859
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- unrestricted_file_upload
- Status
- unconfirmed
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H