VYPR

rpm package

almalinux/cockpit-ws-selinux

pkg:rpm/almalinux/cockpit-ws-selinux

Vulnerabilities (2)

  • CVE-2026-4802HigMay 11, 2026
    affected < 356.2-1.el9_8fixed 356.2-1.el9_8

    A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacter

  • CVE-2026-4631CriApr 7, 2026
    affected < 344-2.el9_7fixed 344-2.el9_7

    Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects m