CVE-2026-12195

Severity CVSS v4.0:
HIGH
Type:
CWE-78 OS Command Injections
Publication date:
04/07/2026
Last modified:
04/07/2026

Description

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.