aaPanel Regular Expression Denial-of-Service Vulnerability

Vulnerability

A Regular Expression Denial-of-Service (ReDoS) vulnerability has been identified in aaPanel version 7.57.0. The issue arises in the VirtualHost configuration parser, where a backtracking-prone regular expression is used to match <VirtualHost ... :> blocks. This pattern can be exploited by supplying crafted input, leading to excessive CPU usage or process timeouts.

Impact

Exploitation of this vulnerability causes a Regular Expression Denial-of-Service, where the server's CPU is subjected to excessive load, potentially leading to timeouts or degraded performance.

Reproduction

The vulnerability can be reproduced by uploading a configuration file or input that includes long, repetitive strings designed to trigger the backtracking in the regular expression. This can be done through the aaPanel interface that accepts such configurations.
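The defensive alternative to a backtracking-prone regex for this job is a block parser whose cost is linear in the input size by construction. The following is an added illustration, not aaPanel's own code: it recognises <VirtualHost ...> blocks with fixed-string checks instead of a regex and caps the accepted input size (the cap and the sample config are assumptions).

```python
# Constructed sample input (not aaPanel's): two vhost blocks plus a comment.
SAMPLE_CONFIG = """
<VirtualHost *:80>
    ServerName example.test
    DocumentRoot /var/www/example
</VirtualHost>
# trailing comment
<VirtualHost 127.0.0.1:8443>
    ServerName admin.example.test
</VirtualHost>
"""
MAX_CONFIG_BYTES = 1 << 20  # assumed cap: reject oversized uploads before parsing
_OPEN_PREFIX, _CLOSE_TAG = "<VirtualHost", "</VirtualHost>"

def _parse_open_tag(line):
    """Return the address part of '<VirtualHost addr>' or None.
    Fixed-string checks only: cost is linear in the line length however
    repetitive the content is, because nothing here can backtrack."""
    if not (line.startswith(_OPEN_PREFIX) and line.endswith(">")):
        return None
    rest = line[len(_OPEN_PREFIX):-1]
    if not rest or not rest[0].isspace():
        return None  # '<VirtualHostFoo ...>' is not a vhost opening tag
    return rest.strip() or None

def parse_virtualhosts(text, max_bytes=MAX_CONFIG_BYTES):
    """Parse <VirtualHost ...> blocks in O(len(text)) time.
    Returns [{"addr": str, "directives": [(name, value), ...]}, ...] and
    raises ValueError on oversized input or an unterminated block."""
    if len(text.encode("utf-8")) > max_bytes:
        raise ValueError("config exceeds size limit")
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            addr = _parse_open_tag(line)
            if addr is not None:
                current = {"addr": addr, "directives": []}
            continue  # text outside a block is ignored by this parser
        if line == _CLOSE_TAG:
            blocks.append(current)
            current = None
            continue
        name, _, value = line.partition(" ")
        current["directives"].append((name, value.strip()))
    if current is not None:
        raise ValueError("unterminated <VirtualHost> block")
    return blocks
```

A long run of repeated characters after the tag name is handled by a single strip, so the same input that would drive a nested-quantifier regex into excessive backtracking costs this parser one pass over the bytes.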

Added: Mar 18, 2026, 7:24 PM
Updated: Mar 18, 2026, 7:24 PM

Vulnerability Rating

Custom Algorithm

spread          5.0
impact          2.5
exploitability  6.6
remediation     0.0
relevance       4.1
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.