Two-Factor Authentication Bypass in Ajenti Plugin by Ajenti
CVE-2026-40178

6.9MEDIUM

Key Information:

Vendor: Ajenti
Status: Ajenti
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-40178?

A security vulnerability in the Ajenti Plugin Core prior to version 0.112 allows attackers to bypass two-factor authentication for a brief period following user authentication. This only occurs during a specific window of time, presenting potential risks to user accounts. The issue has been addressed in version 0.112, ensuring that the authentication process is secure from such bypass attempts.

Affected Version(s)

ajenti < 0.112

References

https://github.com/ajenti/ajenti/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40178 Data

JSON