1Panel Cross-Site Request Forgery Vulnerability in Panel Name Management

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in 1Panel versions 1.10.33 prior to 2.0.15. The issue resides within the panel name management feature, where the endpoint lacks proper CSRF protections, such as anti-CSRF tokens or validation of the Origin/Referer headers. This vulnerability allows an attacker to create a malicious webpage that, when visited by an authenticated user, can change the user's panel name to an arbitrary value without their consent.
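
The Origin/Referer validation described above as missing, sketched as Go `net/http` middleware that fails closed on state-changing requests. This is an added example, not 1Panel's code or its fix; `panelOrigin`, the stand-in handler and the request path are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

const panelOrigin = "https://panel.example.internal:8443" // constructed; use the panel's real origin

// sameOrigin reports whether an Origin or Referer value points at panelOrigin.
func sameOrigin(raw string) bool {
	u, err := url.Parse(raw)
	return err == nil && fmt.Sprintf("%s://%s", u.Scheme, u.Host) == panelOrigin
}

// requireSameOrigin rejects state-changing requests whose Origin (or, if absent, Referer) is missing or foreign.
func requireSameOrigin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		src := r.Header.Get("Origin")
		if src == "" {
			src = r.Header.Get("Referer")
		}
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions
		if !safe && !sameOrigin(src) { // fails closed on "", "null" and other sites
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request to a hypothetical settings handler and returns the HTTP status.
func status(method, header, value string) int {
	h := requireSameOrigin(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK) // stands in for "panel name updated"
	}))
	req := httptest.NewRequest(method, panelOrigin+"/hypothetical/settings", nil)
	if header != "" {
		req.Header.Set(header, value)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("POST", "Origin", panelOrigin), status("POST", "Origin", "https://other.example"))
}
```

Safe methods pass through unchecked, so this only protects a settings endpoint that refuses to change state on GET. Anti-CSRF tokens, the other protection the advisory names, complement this check rather than replace it.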

Impact

Exploitation of this vulnerability allows for unauthorized modification of a user's panel name, potentially leading to confusion or misuse of the panel management features.

Added: Dec 10, 2025, 8:36 PM
Updated: Dec 10, 2025, 8:36 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.4
remediation: 0.0
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.