CoolerControl: Unauthenticated Data Exposure and Modification

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.9

CoolerControl: Unauthenticated Data Exposure and Modification

CVE-2026-5300

Summary

The CoolerControl software allows anyone to access and change sensitive information without needing a password. This means unauthorized users can view and alter data that might be meant for authorized users. To fix this, update CoolerControl to version 4.0.0 or newer.

Original title

Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests

Original description

Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests

nvd CVSS3.1 5.9

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.1/coolercontrold/src/a...
https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0

Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026