cockpit-hq/cockpit Security Advisories for 2.8.3 (3)
-
[LOW] Cockpit has NoSQL Injection Through Content Aggregation Pipelines
PKSA-qffw-6vr2-p3h9 CVE-2026-6626 GHSA-5pv2-86qj-5jf9
Affected version: <2.14.0
Reported by:
GitHub -
[HIGH] Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
PKSA-rm9w-whnt-2jgw CVE-2026-31891 GHSA-7x5c-vfhj-9628
Affected version: <2.13.5
Reported by:
GitHub -
[MEDIUM] Cockpit - Content Platform vulnerable to XSS through name or email argument names
PKSA-htm2-8b2r-zt3z CVE-2025-7053 GHSA-j4rj-fgcq-wmqp
Affected version: <2.11.4
Reported by:
GitHub