CoolerControl Web Service Allows Data Exposure and Unwanted Commands

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.3

CoolerControl Web Service Allows Data Exposure and Unwanted Commands

CVE-2026-5302

Summary

A recent issue in CoolerControl's web service allows unauthorized access to data and potential execution of malicious commands. This could lead to unauthorized changes to your system or data theft. Update to the latest version of CoolerControl (4.0.0 or later) to fix this issue.

Original title

CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites

Original description

CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites

nvd CVSS3.1 6.3

Vulnerability type

CWE-942

https://gitlab.com/coolercontrol/coolercontrol/-/blob/2.0.0/coolercontrold/src/a...
https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0

Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026