CVE-2026-29858

Description

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.

References

• https://github.com/aapanel/aapanel
• https://github.com/mbiesiad/vulnerability-research/tree/main/CVE-2026-29858