← back
CVE-2021-47871

Hestia Control Panel 1.3.2 - Arbitrary File Write

CVSS 8.6 HIGHEPSS 0.4%CWE-73
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Hestia Control Panel · Hestia Control Panel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/hestiacp/hestiacphttps://hestiacp.com/https://www.exploit-db.com/exploits/49667https://www.vulncheck.com/advisories/hestia-control-panel-arbitrary-file-write