Share
## https://sploitus.com/exploit?id=6FA4EF49-7246-57C8-ACC6-168343F284D5
# CyberPanel XSS to RCE (CVE-2026-XXXXX)

One-click Remote Code Execution in CyberPanel v2.4.3 via unauthenticated API endpoints.

## Overview

This exploit chains multiple vulnerabilities in CyberPanel's AI Scanner feature:

1. **Unauthenticated Database Injection** โ€” `/api/ai-scanner/callback` accepts arbitrary data without authentication
2. **Stored XSS** โ€” Malicious payloads are rendered unsanitized in the admin dashboard
3. **CSRF to RCE** โ€” XSS hijacks admin session to create a malicious cron job

## Affected Versions

- CyberPanel โ‰ค 2.4.3