{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-40177","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-04-09T20:59:17.619Z","datePublished":"2026-04-10T19:29:00.851Z","dateUpdated":"2026-04-14T13:26:56.925Z"},"containers":{"cna":{"title":"Password bypass when 2FA is activated","problemTypes":[{"descriptions":[{"cweId":"CWE-287","lang":"en","description":"CWE-287: Improper Authentication","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":9.3,"baseSeverity":"CRITICAL","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v","tags":["x_refsource_CONFIRM"],"url":"https://github.com/ajenti/ajenti/security/advisories/GHSA-3mcx-6wxm-qr8v"}],"affected":[{"vendor":"ajenti","product":"ajenti","versions":[{"version":"< 0.112","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-04-10T19:29:00.851Z"},"descriptions":[{"lang":"en","value":"ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112."}],"source":{"advisory":"GHSA-3mcx-6wxm-qr8v","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-14T03:55:42.787272Z","id":"CVE-2026-40177","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-14T13:26:56.925Z"}}]}}