Skip to content
CVSS 8.8 · HIGH

CVE-2026-34965

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.

Ver en NVD

Análisis

Cockpit CMS allows authenticated users with specific collection management privileges to execute arbitrary PHP code on the server. While the impact of remote code execution is high, the requirement for authenticated access and the software's niche status mean it does not meet the threshold for the general community feed.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-94

EPSS

Probabilidad de explotación (próx. 30 días): 0.0043 (0.4%)
Percentil: 62.6%
EPSS: 2026-05-06

Descripción técnica

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.

Publicada: 29/4/2026, 20:16:29
Última modificación: 29/4/2026, 21:22:20

Referencias

InicioEventosBlogRecursosEquipo