CVE-2021-47871

High CVSS: 8.6

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.

Vendor

Product

CWE

CWE-73

Yayın Tarihi

2026-01-21 18:16:20

Güncelleme

2026-01-26 15:04:59

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-73 HIGH 2026

Referanslar

https://github.com/hestiacp/hestiacp https://hestiacp.com/ https://www.exploit-db.com/exploits/49667 https://www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-write