Unauthorized Remote Code Execution Vulnerability in mdserver-web by Midoks
CVE-2026-41315

9.3 CRITICAL

Key Information:

Vendor: Midoks
CVE Published: 14 May 2026

What is CVE-2026-41315?

mdserver-web, a lightweight Linux management panel developed by Midoks, is affected by an unauthorized remote command execution vulnerability. The flaw exists in versions 0.18.0 through 0.18.4: the /modify_crond and /start_task endpoints are unprotected, so malicious users can modify and start scheduled tasks without authentication. Exploitation can lead to severe consequences, including arbitrary code execution on the server, putting sensitive data and operations at risk.
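As an added example (not code from mdserver-web or from this advisory), the following log check flags clients that reached the two endpoints named above, and rates a successful modify followed by a successful start as high priority. It assumes common/combined-format access logs in chronological order; the `trusted_ips` allowlist and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint names from the advisory; it gives no URL prefix, so match the last path segment.
ENDPOINTS = ("modify_crond", "start_task")
# Assumption: the front end writes common/combined log format, oldest line first.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def endpoint_of(target):
    """Return the advisory endpoint a request target hits, or None."""
    path = unquote(target.split("?", 1)[0]).rstrip("/")
    last = path.rsplit("/", 1)[-1].lower()
    return last if last in ENDPOINTS else None

def scan(lines, trusted_ips=()):
    """Collect hits on the two endpoints per client, skipping known admin IPs."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in trusted_ips:
            continue
        ep = endpoint_of(m["target"])
        if ep:
            hits[m["ip"]].append((m["ts"], ep, int(m["status"])))
    return dict(hits)

def triage(hits):
    """'high' = successful modify_crond then successful start_task; else 'review'."""
    result = {}
    for ip, events in hits.items():
        modified, level = False, "review"
        for _ts, ep, status in events:
            ok = 200 <= status < 300
            if ep == "modify_crond" and ok:
                modified = True
            elif ep == "start_task" and ok and modified:
                level = "high"
        result[ip] = level
    return result

# Constructed sample lines (documentation-range IPs, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [14/May/2026:10:01:02 +0000] "POST /modify_crond HTTP/1.1" 200 51 "-" "-"',
    '203.0.113.7 - - [14/May/2026:10:01:05 +0000] "POST /start_task HTTP/1.1" 200 40 "-" "-"',
    '198.51.100.9 - - [14/May/2026:10:03:00 +0000] "POST /start_task?x=1 HTTP/1.1" 403 12 "-" "-"',
    '192.0.2.10 - - [14/May/2026:10:04:00 +0000] "POST /modify_crond HTTP/1.1" 200 51 "-" "-"',
]
```

Run `triage(scan(lines, trusted_ips=...))` over the panel's access log; any "high" result on a host running 0.18.0 through 0.18.4 warrants reviewing the scheduled tasks on that server.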

Affected Version(s)

mdserver-web >= 0.18.0, <= 0.18.4

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved