1panel

This hub aggregates every CVE we track for 1panel, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting 1panel.

• CVE-2026-235251panel App Store vulnerable to Cross-site Scripting6.4Jan 18, 2026
• CVE-2025-344291Panel CSRF Web Port Configuration Change7.1Dec 10, 2025
• CVE-2025-344301Panel CSRF Panel Name Modification4.3Dec 10, 2025
• CVE-2025-344101Panel CSRF in Change Username Functionality Allows Account Lockout7.1Dec 10, 2025
• CVE-2025-665081Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers6.5Dec 9, 2025
• CVE-2025-665071Panel – CAPTCHA Bypass via Client-Controlled Flag7.5Dec 9, 2025
• CVE-2025-56413OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.8.8Sep 10, 2025
• CVE-2025-544241Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution8.1Aug 1, 2025
• CVE-2024-399111Panel SQL injection10.0Jul 18, 2024
• CVE-2024-39907a sqlinjection in 1Panel 9.8Jul 18, 2024
• CVE-2024-34352Arbitrary file write vulnerability in 1Panel 6.5May 9, 2024
• CVE-2024-302571Panel's password verification is suspected to have a timing attack vulnerability3.9Apr 18, 2024
• CVE-2024-23521Panel swap baseApi.UpdateDeviceSwap command injection6.3Mar 10, 2024
• CVE-2024-272881Panel open source panel project has an unauthorized vulnerability.6.3Mar 6, 2024
• CVE-2024-247681Panel set-cookie is missing the Secure keyword6.5Feb 5, 2024