CVE-2026-12195
Severity CVSS v4.0:
HIGH
Type:
CWE-78
OS Command Injections
Publication date:
04/07/2026
Last modified:
04/07/2026
Description
myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.
Impact
Base Score 4.0
8.50
Severity 4.0
HIGH



