CVE-2026-38993

Vulnerability Description

Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

April 29, 2026

Source

NVD

External References

https://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/
https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0

CVE-2026-38993

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment