CVE-2026-41472 Overview
CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting (XSS) vulnerability in the AI Scanner dashboard. The POST /api/ai-scanner/callback endpoint lacks proper authentication, allowing unauthenticated attackers to inject malicious JavaScript by overwriting the findings_json field of ScanHistory records. When an administrator visits the AI Scanner dashboard, the injected JavaScript executes within their authenticated session, enabling attackers to issue same-origin requests to plant cron jobs and ultimately achieve remote code execution on the server.
Critical Impact
Unauthenticated attackers can chain stored XSS with cron job manipulation to achieve full remote code execution on CyberPanel servers, compromising all hosted websites and sensitive data.
Affected Products
- CyberPanel versions prior to 2.4.4
- CyberPanel AI Scanner dashboard component
- Systems with the /api/ai-scanner/callback endpoint exposed
Discovery Timeline
- 2026-04-24 - CVE-2026-41472 published to NVD
- 2026-04-28 - Last updated in NVD database
Technical Details for CVE-2026-41472
Vulnerability Analysis
This vulnerability is a chain: an unauthenticated stored XSS that is then used to ride the administrator's session into panel functions that run commands on the host. The root issue is that the AI Scanner callback endpoint accepts POST requests from anyone and writes what it receives into scan history records that are later shown to administrators.
The attack begins with a crafted POST to /api/ai-scanner/callback whose findings_json field carries JavaScript. Because the endpoint performs no authentication, any client that can reach it can overwrite the field. The payload persists in the database and executes each time an administrator opens the AI Scanner dashboard, in that administrator's browser and under that administrator's session.
The downstream impact is the severe part. Script running on the panel's origin can issue same-origin requests that carry the administrator's cookies and can read any anti-CSRF token the page exposes, so CSRF protection does not help. The cron job management functions are the described target: a cron entry created through the panel runs whatever command the attacker chose, which turns the XSS into remote code execution on the underlying server.
Root Cause
Two failures combine. The /api/ai-scanner/callback endpoint performs no authentication, so anyone who can reach it can overwrite the findings_json field of a ScanHistory record; and the administrator dashboard renders findings_json without escaping it, so stored markup becomes live script. Fixing either one alone narrows the chain but does not close it: with authentication only, whoever can call the callback (the scanner backend, or anyone who obtains its credential) can still inject script into an administrator's session; with output encoding only, scan results remain writable by unauthenticated clients, which is an integrity problem in its own right.
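The two failures above, and the two controls that close them, as an added example that is not CyberPanel's code: a plain-Python stand-in for the callback handler and the dashboard renderer, with an in-memory dictionary in place of the ScanHistory table. The HMAC scheme, the function names and the sample payload are assumptions made for the example; the point is the pairing of an authenticated, shape-validated write with an escaping read.

```python
import hashlib
import hmac
import html
import json

# In-memory stand-in for the ScanHistory table: scan_id -> findings_json text.
# Constructed for this example; CyberPanel's real model and view names are not used.
SCAN_HISTORY = {}

# A findings_json body of the kind an attacker would POST (constructed sample).
SAMPLE_PAYLOAD = json.dumps(
    [{"file": "public_html/index.php", "detail": "<script>alert(document.cookie)</script>"}]
)


def store_findings_vulnerable(scan_id, body):
    """Failure 1: no caller authentication and no shape validation.
    Whatever arrives in the POST body overwrites the record."""
    SCAN_HISTORY[scan_id] = body
    return True


def render_findings_vulnerable(scan_id):
    """Failure 2: stored text is interpolated straight into HTML, so a <script>
    element in findings_json reaches the administrator's browser intact."""
    findings = json.loads(SCAN_HISTORY[scan_id])
    rows = "".join(f"<li>{f['file']}: {f['detail']}</li>" for f in findings)
    return f"<ul>{rows}</ul>"


def sign_body(body, secret):
    """What a legitimate scanner backend would attach: HMAC-SHA256 over the raw body
    under a secret shared with the panel (hypothetical scheme, not CyberPanel's)."""
    return hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()


def store_findings_hardened(scan_id, body, signature, secret):
    """Same endpoint with both missing controls in place.
    Returns True only if the caller proved possession of the secret and the body
    has the expected shape; otherwise nothing is written."""
    if not isinstance(signature, str):
        return False
    expected = sign_body(body, secret)
    # Constant-time comparison: a plain == would leak the signature byte by byte.
    if not hmac.compare_digest(expected, signature):
        return False
    try:
        findings = json.loads(body)
    except ValueError:
        return False
    if not isinstance(findings, list):
        return False
    for f in findings:
        if not (isinstance(f, dict)
                and isinstance(f.get("file"), str)
                and isinstance(f.get("detail"), str)):
            return False
    SCAN_HISTORY[scan_id] = body
    return True


def render_findings_hardened(scan_id):
    """Encode at the sink: every stored string is HTML-escaped when rendered,
    so markup is displayed as text regardless of who wrote the record."""
    findings = json.loads(SCAN_HISTORY[scan_id])
    rows = "".join(
        f"<li>{html.escape(f['file'])}: {html.escape(f['detail'])}</li>" for f in findings
    )
    return f"<ul>{rows}</ul>"


if __name__ == "__main__":
    secret = b"panel-scanner-shared-secret"  # hypothetical; read from config in practice
    store_findings_vulnerable(1, SAMPLE_PAYLOAD)
    print("vulnerable render:", render_findings_vulnerable(1))
    print("forged signature accepted:", store_findings_hardened(2, SAMPLE_PAYLOAD, "0" * 64, secret))
    store_findings_hardened(2, SAMPLE_PAYLOAD, sign_body(SAMPLE_PAYLOAD, secret), secret)
    print("hardened render:", render_findings_hardened(2))
```

Note that the hardened store deliberately does not try to strip script from the detail text: input validation checks shape, and output encoding handles content, so a finding that legitimately quotes a line of HTML is still shown correctly while a hostile one is inert.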
Attack Vector
The attack is network-based and requires no authentication: the attacker sends a malicious POST to the callback endpoint to store the JavaScript payload. User interaction is required, because an administrator must open the AI Scanner dashboard for the payload to run. Once triggered, the script runs in the administrator's browser with that session's authorization to the panel, allowing the attacker to:
- Access sensitive configuration data
- Create malicious cron jobs for persistent access
- Execute arbitrary commands on the server
- Compromise all websites hosted on the CyberPanel instance
The following excerpt from the CyberPanel v2.4.4 changes tightens an ownership check on child domains:
else:
if childDomain.master.admin.owner == admin.pk:
return 1
+ else:
+ return 0
except:
domainName = Websites.objects.get(domain=domain)
Source: GitHub Commit Change
Additional changes were made to improve filtering logic for child domains:
childDomains = []
for web in websites:
- for child in web.childdomains_set.filter(alais=0):
- if child.domain == f'mail.{web.domain}':
- pass
- else:
- childDomains.append(child)
+ for child in web.childdomains_set.all():
+ if child.alais == 0:
+ if child.domain == f'mail.{web.domain}':
+ pass
+ else:
+ childDomains.append(child)
pagination = self.getPagination(len(childDomains), recordsToShow)
json_data = self.findChildsListJson(childDomains[finalPageNumber:endPageNumber])
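Review bot: replacing web.childdomains_set.filter(alais=0) with .all() plus an in-Python if child.alais == 0 loads every child domain row for every website only to discard most of them, and the commit gives no reason the database filter was failing; unless that reason is documented, keep the filter in the query, e.g. for child in web.childdomains_set.filter(alais=0).exclude(domain=f'mail.{web.domain}'):, which also removes the if ...: pass / else: append shape in favour of a single append. The misspelled field name alais is evidently the model's real column and has to stay in both versions, since correcting it needs a migration. Like the previous hunk, this one changes only which children appear in the listing and has no bearing on the AI Scanner callback.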
Source: GitHub Commit Change
Detection Methods for CVE-2026-41472
Indicators of Compromise
- Unexpected POST requests to /api/ai-scanner/callback from external IP addresses
- Suspicious JavaScript code or HTML tags present in ScanHistory database records
- Unauthorized cron job entries created through the CyberPanel interface
- Web server log entries for /api/ai-scanner/* from addresses other than the scanner backend or the panel host itself
Detection Strategies
- Add web application firewall (WAF) rules that inspect POST bodies to the AI Scanner callback endpoint for script tags, event-handler attributes and javascript: URLs; treat matches as detection rather than prevention, since signature-based XSS filters are routinely bypassed and the real fix is authentication on the endpoint
- Monitor writes to the ScanHistory table, and periodically scan the findings_json column for HTML markup that scanner output should never contain
- Configure SIEM rules to alert when a cron job is created or another administrative change lands within seconds of a request for the AI Scanner dashboard, which is the sequence this chain produces
- Deploy endpoint detection to flag new crontab entries and shell commands spawned by the cron daemon that do not match the host's baseline
Monitoring Recommendations
- Enable detailed logging for all requests to /api/ai-scanner/* endpoints
- Implement real-time alerting for unauthenticated API access attempts
- Monitor cron job configurations for unauthorized additions or modifications
- Review administrator session activity for requests to cron management functions that arrive from the AI Scanner dashboard page (same session, same origin, immediately after the dashboard loaded), which is the pattern injected script produces
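The two checks the lists above keep coming back to, run over constructed data, as an added example that is not part of the original page and not CyberPanel's tooling: a parser for combined-format access log lines that flags requests to /api/ai-scanner/* from outside a trusted range, and a walker for a findings_json value that returns any string carrying HTML markup, which is also the check to run over existing ScanHistory rows when reviewing a host under the mitigation section. The log lines, IP addresses, record IDs and the loopback-only trust list are assumptions made for the example.

```python
import json
import re
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed access-log lines in combined format; addresses, times and paths are invented.
SAMPLE_LOG = """\
127.0.0.1 - - [24/Apr/2026:10:01:02 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 17 "-" "ai-scanner/1.0"
198.51.100.23 - - [24/Apr/2026:10:05:44 +0000] "POST /api/ai-scanner/callback HTTP/1.1" 200 17 "-" "python-requests/2.31"
203.0.113.9 - - [24/Apr/2026:10:06:10 +0000] "GET /api/ai-scanner/ HTTP/1.1" 403 0 "-" "curl/8.4.0"
198.51.100.23 - - [24/Apr/2026:10:06:30 +0000] "GET /websites/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Sources allowed to talk to the scanner API. Assumption for this example: loopback only;
# add the scanner backend's address if it posts results from another host.
TRUSTED_SOURCES = [ip_network("127.0.0.0/8")]

Hit = namedtuple("Hit", "ip ts method path status reason")


def find_callback_hits(log_text, trusted=TRUSTED_SOURCES):
    """Return the requests to /api/ai-scanner/* that came from outside the trusted ranges.
    A POST to the callback is tagged 'untrusted-callback-post'; any other external
    request under the scanner API is tagged 'external-scanner-access'."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            ip = None  # unparsable client field: treat as untrusted rather than skip
        if ip is not None and any(ip in net for net in trusted):
            continue
        path = m["path"].split("?", 1)[0]
        if path == "/api/ai-scanner/callback" and m["method"] == "POST":
            reason = "untrusted-callback-post"
        elif path.startswith("/api/ai-scanner/"):
            reason = "external-scanner-access"
        else:
            continue
        hits.append(Hit(m["ip"], m["ts"], m["method"], path, int(m["status"]), reason))
    return hits


# Markup that scanner output has no reason to contain: tags, on*= handlers, javascript: URLs,
# character references. Broad on purpose; this feeds a review queue, it is not a blocklist.
SUSPECT_RE = re.compile(
    r"<\s*/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:|&#x?[0-9a-f]+;",
    re.IGNORECASE,
)


def suspicious_findings(findings_json):
    """Walk one findings_json value and return every string that matches SUSPECT_RE.
    Returns [] for a clean record and ['<unparseable>'] when the column is not valid
    JSON, which on a column the application writes is itself worth a look."""
    try:
        data = json.loads(findings_json)
    except ValueError:
        return ["<unparseable>"]
    out = []
    stack = [data]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str) and SUSPECT_RE.search(node):
            out.append(node)
    return out


# Constructed ScanHistory rows: id -> findings_json as it would come out of the table.
SAMPLE_RECORDS = {
    101: json.dumps([{"file": "wp-config.php", "detail": "Hardcoded credential in source"}]),
    102: json.dumps([{"file": "x", "detail": "<img src=x onerror=fetch('/cron/add')>"}]),
    103: "not json at all",
}


def review_records(records):
    """Return {record_id: suspicious strings} for every record that needs a human look."""
    flagged = {}
    for rid, findings_json in records.items():
        hits = suspicious_findings(findings_json)
        if hits:
            flagged[rid] = hits
    return flagged


if __name__ == "__main__":
    for h in find_callback_hits(SAMPLE_LOG):
        print(h.reason, h.ip, h.method, h.path, h.status, h.ts)
    for rid, strings in review_records(SAMPLE_RECORDS).items():
        print("record", rid, "->", strings)
```

On a real host, feed the web server's access log to find_callback_hits and the output of a SELECT over the ScanHistory table to review_records; a legitimate finding that quotes a line of HTML will be flagged too, which is the intended bias for a review of records that an unauthenticated party may have written.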
How to Mitigate CVE-2026-41472
Immediate Actions Required
- Upgrade CyberPanel to version 2.4.4 or later immediately
- Review existing ScanHistory records for signs of injected malicious content
- Audit cron jobs on affected systems for unauthorized entries
- Temporarily restrict network access to the /api/ai-scanner/callback endpoint if patching cannot be performed immediately
Patch Information
CyberPanel has released version 2.4.4, which addresses this vulnerability by adding authentication checks to the AI Scanner callback endpoint and sanitizing input before storage. The patch is available through the official GitHub repository. After upgrading, confirm the running version from the panel and treat ScanHistory rows written before the upgrade as untrusted until reviewed, since the advisory does not state that the upgrade rewrites existing records. Additional technical analysis is available in the ITsRez RCE Analysis and the VulnCheck CyberPanel Advisory.
Workarounds
- Block external access to /api/ai-scanner/callback at the firewall or reverse proxy until patching is complete; if the scanner backend posts results from a remote host, allow that host's address only, otherwise the feature stops receiving results
- Send a Content Security Policy (CSP) header on panel responses to limit what injected markup can do; test it against the panel first, since a policy that blocks inline scripts breaks pages that depend on them, and a policy that allows 'unsafe-inline' does nothing against this bug
- Restrict CyberPanel administrative interface access to trusted IP addresses only; where the callback is served from the same listener, this also keeps the unauthenticated POST from reaching it
- Disable the AI Scanner feature if it is not in use; a callback endpoint that nothing legitimate calls should not be reachable at all
# Example: restrict the AI Scanner callback endpoint at an nginx reverse proxy in front of CyberPanel.
# Only meaningful where nginx fronts the panel; a stock install serves the panel from its own
# web server on port 8090, so apply the equivalent rule there or at the host firewall.
# Do not add "return 403;" to this block: return runs in the rewrite phase, before allow/deny
# are evaluated, so it would reject the allowed address as well. deny already answers 403.
location /api/ai-scanner/callback {
    allow 127.0.0.1;   # replace with the scanner backend's address if it posts from another host
    deny all;
    # keep the same proxy_pass settings as the rest of the panel's server block here,
    # otherwise allowed requests are answered by nginx itself instead of being forwarded
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


