CVE-2026-4802

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.

Vulnerability Details

Published Date

May 11, 2026

Last Modified

May 12, 2026

CWE ID

CWE-78

Source

NVD

External References

https://access.redhat.com/security/cve/CVE-2026-4802
https://bugzilla.redhat.com/show_bug.cgi?id=2451155
https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210

CVE-2026-4802

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment