HestiaCP servers are actively being exploited
HestiaCP servers are actively being exploited. If you have the web terminal enabled, check for IOCs. Surprisingly, they didn't mention this in their latest release notes.
https://nvd.nist.gov/vuln/detail/CVE-2026-43634
https://mercuryiss.com.au/hestiacp-unauthenticated-rce-ip-spoofing-cve-2026-43633-cve-2026-43634


Comments
Fuck
Published: 19 May 2026
You are 2 weeks late. And the patch was merged in March.
People who didn't update their shit for 3 months deserve to be pwned.
Yes, this was patched on March 19. But check the NVD date and the 1.9.5 (28th May) and 1.9.6 (29th May) release dates. If you use HestiaCP you should know how the upgrade process works.