Primary

Context

Ajenti Authentication Bypass Vulnerability Leading to Remote Code Execution

Vulnerability

An authentication bypass vulnerability has been identified in Ajenti version 2.1.36. This vulnerability allows remote attackers to execute arbitrary commands after successfully logging in. Exploitation involves using the '/api/terminal/create' endpoint to send a netcat reverse shell payload to a specified IP address and port.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the server where Ajenti is running.

Reproduction

To reproduce this vulnerability, log into the Ajenti server using valid credentials. Once authenticated, send a POST request to the '/api/terminal/create' endpoint with a payload that includes a command to establish a reverse shell connection using netcat. Specify the desired IP address and port for the reverse shell connection. After sending the payload, check the listener on the specified IP and port for the incoming connection.

Added: Jan 29, 2026, 3:39 PM

Updated: Jan 29, 2026, 4:58 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

7.6

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

7.6

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ajenti Authentication Bypass Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Ajenti

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating