{"id":"CVE-2026-12195","details":"myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta.","modified":"2026-07-15T01:49:17.719774105Z","published":"2026-07-04T11:33:27.032Z","database_specific":{"cwe_ids":["CWE-78"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12195.json","unresolved_ranges":[{"extracted_events":[{"fixed":"95d7e43bf286d6881ca753dac93cb42d98cc7422"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"PRJBLK"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/12xxx/CVE-2026-12195.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12195"},{"type":"FIX","url":"https://github.com/myvesta/vesta/commit/95d7e43bf286d6881ca753dac93cb42d98cc7422"},{"type":"EVIDENCE","url":"https://projectblack.io/blog/local-ai-for-cyber-security/#myvesta-authenticated-rce"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/myvesta/vesta","events":[{"introduced":"0"},{"fixed":"95d7e43bf286d6881ca753dac93cb42d98cc7422"}],"database_specific":{"source":"REFERENCES"}}],"versions":["0.9.9-0-16","0.9.9-0-15","0.9.9-0-13","0.9.9-0-12","0.9.9-0-11","0.9.9-0-6","0.9.9-0-5","0.9.9-0-4","0.9.9-0-3","0.9.9-0","0.9.8-26-62","0.9.8-26-61","0.9.8-26-60","0.9.8-26-58","0.9.8-26-57","0.9.8-26-56","0.9.8-26-55","0.9.8-26-54","0.9.8-26-52","0.9.8-26-51","0.9.8-26-50","0.9.8-26-49","0.9.8-26-48","0.9.8-26-47","0.9.8-26-45","0.9.8-26-44","0.9.8-26-43","0.9.8-26-39","0.9.8-26-38","0.9.8-26-37","0.9.8-26-36","0.9.8-26-35","0.9.8-26-33","0.9.8-26-31","0.9.8-26-29","0.9.8-26-25","0.9.8-19","0.9.8-18","0.9.8-16","0.9.8-15","0.9.8-13","0.9.8-12","0.9.8-11","0.9.8-10"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H"}]}