cockpit-hq/cockpit Security Advisories for 2.12.1 (5)
- [MEDIUM] Cockpit is vulnerable to directory traversal
  PKSA-gx1h-274c-423s CVE-2026-38993 GHSA-p46p-7pmj-m34f
  Affected version: <2.14.0
  Reported by: GitHub
- [HIGH] Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type
  PKSA-dpw9-65w1-pksf CVE-2026-38991 GHSA-j2rx-4jg9-79mw
  Affected version: <2.14.0
  Reported by: GitHub
- [CRITICAL] Cockpit is vulnerable to arbitrary code execution
  PKSA-496r-cnzn-ck12 CVE-2026-38992 GHSA-fm6c-rhcf-7439
  Affected version: <2.14.0
  Reported by: GitHub
- [LOW] Cockpit has NoSQL Injection Through Content Aggregation Pipelines
  PKSA-qffw-6vr2-p3h9 CVE-2026-6626 GHSA-5pv2-86qj-5jf9
  Affected version: <2.14.0
  Reported by: GitHub
- [HIGH] Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
  PKSA-rm9w-whnt-2jgw CVE-2026-31891 GHSA-7x5c-vfhj-9628
  Affected version: <2.13.5
  Reported by: GitHub