myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 04 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Authenticated Remote Code Execution in myVesta via FTP Username Deletion |
Sat, 04 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta. | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: PRJBLK
Published:
Updated: 2026-07-04T11:33:27.032Z
Reserved: 2026-06-14T07:01:17.476Z
Link: CVE-2026-12195
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-04T16:15:16Z
Weaknesses