securityonline.info 7/3/2026, 5:32:39 AM · external

CVE-2026-57517 bug lets attackers hijack Control Web Panel

CyberSIXT Evidence Panel
Primary Source: control-webpanel.com
CVE Intel
CISA KEV: Not in KEV
Patch: Available

A critical vulnerability, CVE-2026-57517, has been discovered in Control Web Panel and is rated with a maximum CVSS score of 9.8. It allows unauthenticated remote code execution through blind SQL injection in versions prior to 0.9.8.1225. Administrators are advised to update to this version immediately to prevent exploitation. The flaw is exploited through the 'userRes' parameter, which lets attackers execute arbitrary SQL queries with root privileges and poses a significant risk of data breaches.

While no confirmed exploitation has been reported yet, the availability of a public proof-of-concept increases the urgency of mitigation. Key actions include updating systems, auditing server logs, and tightening firewall rules.
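
One way to carry out the log audit mentioned above, as an added example that is not from the article or the vendor: the script flags access-log requests whose 'userRes' query parameter contains SQL metacharacters or keywords after repeated URL-decoding. The combined log format, the placeholder endpoint path, and the parameter appearing in the query string are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Apache/nginx "combined" log layout; adjust for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Generic SQL injection heuristics, not signatures taken from the advisory.
SQLI_RE = re.compile(
    r"""['"`;]|--|/\*|\b(?:sleep|benchmark|union|select|information_schema)\b""",
    re.I)

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding (e.g. %2527) so filters see the real value."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_userres(line):
    """Return details if the line carries a suspicious userRes value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for raw in parse_qs(query, keep_blank_values=True).get("userRes", []):
        value = decode_fully(raw)
        if SQLI_RE.search(value):
            return {"ip": m.group("ip"), "time": m.group("ts"),
                    "status": m.group("status"), "value": value}
    return None

def scan(lines):
    return [hit for hit in map(suspicious_userres, lines) if hit]

# Constructed sample lines; the path is a placeholder, not the real endpoint.
SAMPLE = [
    '198.51.100.7 - - [03/Jul/2026:05:01:12 +0000] "GET /placeholder/endpoint?userRes=1024x768 HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Jul/2026:05:01:40 +0000] "GET /placeholder/endpoint?userRes=1%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Jul/2026:05:01:46 +0000] "GET /placeholder/endpoint?userRes=1%2527%2520OR%2520BENCHMARK(1,1) HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jul/2026:05:02:03 +0000] "GET /placeholder/endpoint?page=home HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Request bodies are not recorded in standard access logs, so a clean result here does not rule out attempts sent by POST.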


Article by CyberSIXT