cockpit-hq/cockpit Security Advisories for 2.13.5 (4)
-
[MEDIUM] Cockpit is vulnerable to directory traversal
PKSA-gx1h-274c-423s CVE-2026-38993 GHSA-p46p-7pmj-m34f
Affected version: <2.14.0
Reported by:
GitHub -
[HIGH] Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type
PKSA-dpw9-65w1-pksf CVE-2026-38991 GHSA-j2rx-4jg9-79mw
Affected version: <2.14.0
Reported by:
GitHub -
[CRITICAL] Cockpit is vulnerable to arbitrary code execution
PKSA-496r-cnzn-ck12 CVE-2026-38992 GHSA-fm6c-rhcf-7439
Affected version: <2.14.0
Reported by:
GitHub -
[LOW] Cockpit has NoSQL Injection Through Content Aggregation Pipelines
PKSA-qffw-6vr2-p3h9 CVE-2026-6626 GHSA-5pv2-86qj-5jf9
Affected version: <2.14.0
Reported by:
GitHub