rpm package
almalinux/cockpit-ws-selinux
pkg:rpm/almalinux/cockpit-ws-selinux
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4802 | Hig | 8.0 | | < 356.2-1.el9_8 | 356.2-1.el9_8 | May 11, 2026 | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacter |
| CVE-2026-4631 | Cri | 9.8 | | < 344-2.el9_7 | 344-2.el9_7 | Apr 7, 2026 | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects m |