CVE-2026-38992

Vulnerability Description

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

April 29, 2026

Source

NVD

External References

https://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/
https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0

CVE-2026-38992

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment