9.8
Cockpit: Unauthenticated remote code execution via web browser
RLSA-2026:7384
Summary
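Cockpit, a web-based server administration tool, allows unauthenticated remote users to execute malicious code on a server via the web browser. The original advisory attributes the flaw to SSH command-line argument injection in the handling of hostnames (CVE-2026-4631). This could lead to server compromise and data loss. Update Cockpit to the fixed version to resolve this issue.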
What to do
- Update cockpit to version 0:344-2.el9_7.rocky.0.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions | Fix |
|---|---|---|---|---|
| Rocky Linux:9 | – | cockpit | < 0:344-2.el9_7.rocky.0.1 | Upgrade to 0:344-2.el9_7.rocky.0.1 |
Original title
Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Original description
Cockpit enables users to administer GNU/Linux servers using a web browser. It
offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.
Security Fix(es):
* cockpit: ws: be more explicit when handling hostnames on cli (CVE-2026-4631)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVSS 3.1 score (osv): 9.8
- https://errata.rockylinux.org/RLSA-2026:7384 Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2450246 Third Party Advisory
Published: 21 May 2026 · Updated: 21 May 2026 · First seen: 21 May 2026