Two-Factor Authentication Bypass in Ajenti Core by Ajenti
CVE-2026-40177

9.3CRITICAL

Key Information:

Vendor: Ajenti
Status: Ajenti
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-40177?

A serious vulnerability exists in Ajenti Core prior to version 0.112 that allows attackers to bypass password authentication when two-factor authentication (2FA) is enabled. This loophole undermines the security framework of the application, potentially allowing unauthorized access to sensitive systems. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

ajenti < 0.112

References

https://github.com/ajenti/ajenti/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40177 Data

JSON