CVE-2026-43633: RCE in HestiaCP Web Terminal (CVSS 10.0)

Описание: CVE-2026-43633 is a critical Remote Code Execution vulnerability in HestiaCP, the open-source web hosting control panel used on millions of Linux VPS servers. Versions 1.9.0 through 1.9.4 are affected. A session format mismatch between PHP and Node.js in the integrated web terminal lets unauthenticated attackers inject malicious data via HTTP headers and achieve full RCE. The flaw is fixed in version 1.9.5.

0:00 Intro
0:00 Threat Overview
0:17 Package Details
0:47 Attack Walkthrough
1:05 Fix and Remediation
1:49 Call to Action

-----------------------------
Full details and patch guide: https://nextguardhq.com/en/vulnerabil...

CVE ID: CVE-2026-43633
CVSS Score: 10 (CRITICAL)
Component: HestiaCP
Affected versions: 1.9.0 1.9.4
Fixed in: 1.9.5

-----------------------------
NextGuard monitors 500,000+ CVEs across every platform you run.
Start free: https://nextguardhq.com

#CVE #cybersecurity #vulnerability #security