Description
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
Published: 2026-05-11
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Cockpit allows a remote attacker to inject shell metacharacters and command substitutions into unsanitized user‑controlled parameters within crafted links in the system logs user interface. This injection leads to arbitrary shell command execution on the host, giving the attacker full system compromise. The vulnerability is a command injection defect classified as CWE‑78.

Affected Systems

Red Hat Enterprise Linux 7, 8, 9, and 10 contain the affected Cockpit component. All current installations of Cockpit on these platforms are vulnerable; no specific release is listed, so every bundled version remains at risk until a vendor fix is released.

Risk and Exploitability

The CVSS score of 8 indicates high severity. EPSS is not available, and the absence of any remediation suggests the flaw remains exploitable. Attackers must gain access to the Cockpit web UI, which typically listens on port 9090 based on Cockpit's default configuration; this inference is drawn because the CVE data does not explicitly state the port. The UI requires authentication. The likely attack vector is a web‑based exploitation of the Cockpit UI. If the service is exposed to untrusted networks, the vulnerability can be leveraged to execute arbitrary code, leading to complete system compromise.

Generated by OpenCVE AI on May 11, 2026 at 17:11 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Operational risk reduction until fixes are available: restrict access to Cockpit to trusted networks/users only, and avoid opening untrusted crafted Cockpit URLs

OpenCVE Recommended Actions

  • Restrict Cockpit access to trusted networks or users only, ensuring the web UI is not exposed to untrusted connections.
  • Implement firewall rules or network segmentation to block inbound traffic to the Cockpit port unless it originates from authorized hosts.
  • Monitor web server and system logs for anomalous URL traffic or shell metacharacter patterns that could indicate exploitation attempts.
  • Stay current with Red Hat security advisories and apply any future Cockpit update or patch as soon as it becomes available.

Generated by OpenCVE AI on May 11, 2026 at 17:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
Title Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-78
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-12T03:55:20.987Z

Reserved: 2026-03-25T10:34:38.394Z

Link: CVE-2026-4802

cve-icon Vulnrichment

Updated: 2026-05-11T13:38:53.221Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-11T14:16:31.550

Modified: 2026-05-12T14:20:56.547

Link: CVE-2026-4802

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-11T12:34:26Z

Links: CVE-2026-4802 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T09:23:13Z

Weaknesses