CVE-2026-4802
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting un
CVSS
8.0
Alto
EPSS
1.0%
p59
KEV
—
Exploit Today
18
0-100
Publicado: 11 may 2026 · Última mod.: 15 jul 2026 · CWE-78
1.0%EPSS · 30 días1.0%
2026-06-302026-07-16
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21390
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21392
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21394
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21395
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21468
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21515
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21516
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21647
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21676
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21700
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-4802
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2451155
- github.comhttps://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2026/05/20/19
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21390
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21392
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21394
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21395
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21468
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21515
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability4dCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability8dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection8dCVE-2021-252978.8 ALT98.9%
KEV—80Nagios XI OS Command Injection8d