VDB

RHSA-2026%3A21647

RHSA-2026%3A21647 PUBLISHED CVSS 8 HIGH

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.

Risk Scores

CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatcockpit-debugsource-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-debugsource-0:311.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-0:311.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-ws-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-debugsource-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-debugsource-0:311.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-system-0:311.3-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-0:311.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-debugsource-0:311.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-ws-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-0:311.3-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-debuginfo-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-pcp-0:311.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-debuginfo-0:311.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9
Red Hatcockpit-bridge-0:311.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-packagekit-0:311.3-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-ws-0:311.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-pcp-0:311.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)311.3-1.el9
Red Hatcockpit-doc-0:311.3-1.el9_4.noarch as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)311.3-1.el9

…and 38 more

Timeline

  • May 28, 2026 CVE Published
  • May 28, 2026 CVE Updated
  • May 28, 2026 Distribution Patch
  • May 28, 2026 Distribution Patch
  • May 28, 2026 Security Advisory
  • May 28, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›