Vulnerability-Lookup

RHSA-2026:21515

Vulnerability from csaf_redhat - Published: 2026-05-27 23:06 - Updated: 2026-05-28 02:41

Summary

Red Hat Security Advisory: cockpit security update

Severity

Important

Notes

Topic: An update for cockpit is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): * cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI (CVE-2026-4802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.src	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-doc-0:286.2-1.el8_8.noarch	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-system-0:286.2-1.el8_8.noarch	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.src	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-bridge-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-debuginfo-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-debugsource-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-doc-0:286.2-1.el8_8.noarch	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-system-0:286.2-1.el8_8.noarch	—	Vendor Fix fix Workaround
Unresolved product id: BaseOS-8.8.0.Z.TUS:cockpit-ws-0:286.2-1.el8_8.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:21515	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2451155	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-4802	self
https://bugzilla.redhat.com/show_bug.cgi?id=2451155	external
https://www.cve.org/CVERecord?id=CVE-2026-4802	external
https://nvd.nist.gov/vuln/detail/CVE-2026-4802	external
https://github.com/cockpit-project/cockpit/blob/e…	external

Acknowledgments

HAKAI Gabriel Rodrigues

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for cockpit is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.\n\nSecurity Fix(es):\n\n* cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI (CVE-2026-4802)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:21515",
        "url": "https://access.redhat.com/errata/RHSA-2026:21515"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2451155",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451155"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21515.json"
      }
    ],
    "title": "Red Hat Security Advisory: cockpit security update",
    "tracking": {
      "current_release_date": "2026-05-28T02:41:58+00:00",
      "generator": {
        "date": "2026-05-28T02:41:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:21515",
      "initial_release_date": "2026-05-27T23:06:46+00:00",
      "revision_history": [
        {
          "date": "2026-05-27T23:06:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-27T23:06:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-28T02:41:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                  "product_id": "BaseOS-8.8.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                  "product_id": "BaseOS-8.8.0.Z.TUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cockpit-0:286.2-1.el8_8.src",
                "product": {
                  "name": "cockpit-0:286.2-1.el8_8.src",
                  "product_id": "cockpit-0:286.2-1.el8_8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit@286.2-1.el8_8?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cockpit-0:286.2-1.el8_8.ppc64le",
                "product": {
                  "name": "cockpit-0:286.2-1.el8_8.ppc64le",
                  "product_id": "cockpit-0:286.2-1.el8_8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit@286.2-1.el8_8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-bridge-0:286.2-1.el8_8.ppc64le",
                "product": {
                  "name": "cockpit-bridge-0:286.2-1.el8_8.ppc64le",
                  "product_id": "cockpit-bridge-0:286.2-1.el8_8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-bridge@286.2-1.el8_8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-ws-0:286.2-1.el8_8.ppc64le",
                "product": {
                  "name": "cockpit-ws-0:286.2-1.el8_8.ppc64le",
                  "product_id": "cockpit-ws-0:286.2-1.el8_8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-ws@286.2-1.el8_8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
                "product": {
                  "name": "cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
                  "product_id": "cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-debugsource@286.2-1.el8_8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
                "product": {
                  "name": "cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
                  "product_id": "cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-debuginfo@286.2-1.el8_8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cockpit-0:286.2-1.el8_8.x86_64",
                "product": {
                  "name": "cockpit-0:286.2-1.el8_8.x86_64",
                  "product_id": "cockpit-0:286.2-1.el8_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit@286.2-1.el8_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-bridge-0:286.2-1.el8_8.x86_64",
                "product": {
                  "name": "cockpit-bridge-0:286.2-1.el8_8.x86_64",
                  "product_id": "cockpit-bridge-0:286.2-1.el8_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-bridge@286.2-1.el8_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-ws-0:286.2-1.el8_8.x86_64",
                "product": {
                  "name": "cockpit-ws-0:286.2-1.el8_8.x86_64",
                  "product_id": "cockpit-ws-0:286.2-1.el8_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-ws@286.2-1.el8_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-debugsource-0:286.2-1.el8_8.x86_64",
                "product": {
                  "name": "cockpit-debugsource-0:286.2-1.el8_8.x86_64",
                  "product_id": "cockpit-debugsource-0:286.2-1.el8_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-debugsource@286.2-1.el8_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
                "product": {
                  "name": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
                  "product_id": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-debuginfo@286.2-1.el8_8?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cockpit-doc-0:286.2-1.el8_8.noarch",
                "product": {
                  "name": "cockpit-doc-0:286.2-1.el8_8.noarch",
                  "product_id": "cockpit-doc-0:286.2-1.el8_8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-doc@286.2-1.el8_8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cockpit-system-0:286.2-1.el8_8.noarch",
                "product": {
                  "name": "cockpit-system-0:286.2-1.el8_8.noarch",
                  "product_id": "cockpit-system-0:286.2-1.el8_8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cockpit-system@286.2-1.el8_8?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-0:286.2-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.ppc64le"
        },
        "product_reference": "cockpit-0:286.2-1.el8_8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-0:286.2-1.el8_8.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.src"
        },
        "product_reference": "cockpit-0:286.2-1.el8_8.src",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-bridge-0:286.2-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.ppc64le"
        },
        "product_reference": "cockpit-bridge-0:286.2-1.el8_8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-bridge-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-bridge-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debuginfo-0:286.2-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.ppc64le"
        },
        "product_reference": "cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debugsource-0:286.2-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.ppc64le"
        },
        "product_reference": "cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debugsource-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-debugsource-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-doc-0:286.2-1.el8_8.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-doc-0:286.2-1.el8_8.noarch"
        },
        "product_reference": "cockpit-doc-0:286.2-1.el8_8.noarch",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-system-0:286.2-1.el8_8.noarch as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-system-0:286.2-1.el8_8.noarch"
        },
        "product_reference": "cockpit-system-0:286.2-1.el8_8.noarch",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-ws-0:286.2-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.ppc64le"
        },
        "product_reference": "cockpit-ws-0:286.2-1.el8_8.ppc64le",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-ws-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-ws-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-0:286.2-1.el8_8.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.src"
        },
        "product_reference": "cockpit-0:286.2-1.el8_8.src",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-bridge-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-bridge-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-bridge-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-debuginfo-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-debugsource-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-debugsource-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-debugsource-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-doc-0:286.2-1.el8_8.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-doc-0:286.2-1.el8_8.noarch"
        },
        "product_reference": "cockpit-doc-0:286.2-1.el8_8.noarch",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-system-0:286.2-1.el8_8.noarch as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-system-0:286.2-1.el8_8.noarch"
        },
        "product_reference": "cockpit-system-0:286.2-1.el8_8.noarch",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cockpit-ws-0:286.2-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
          "product_id": "BaseOS-8.8.0.Z.TUS:cockpit-ws-0:286.2-1.el8_8.x86_64"
        },
        "product_reference": "cockpit-ws-0:286.2-1.el8_8.x86_64",
        "relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Gabriel Rodrigues"
          ],
          "organization": "HAKAI"
        }
      ],
      "cve": "CVE-2026-4802",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2026-03-25T10:32:01.264111+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2451155"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "An Important arbitrary command execution flaw exists in Cockpit\u0027s system logs UI. This vulnerability allows a remote attacker to execute arbitrary commands on the host by exploiting unsanitized user-controlled parameters within crafted links. This impacts Red Hat Enterprise Linux systems where Cockpit is installed and accessible.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.ppc64le",
          "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.src",
          "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.ppc64le",
          "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
          "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
          "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.E4S:cockpit-doc-0:286.2-1.el8_8.noarch",
          "BaseOS-8.8.0.Z.E4S:cockpit-system-0:286.2-1.el8_8.noarch",
          "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.ppc64le",
          "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.src",
          "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.TUS:cockpit-bridge-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.TUS:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.TUS:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
          "BaseOS-8.8.0.Z.TUS:cockpit-doc-0:286.2-1.el8_8.noarch",
          "BaseOS-8.8.0.Z.TUS:cockpit-system-0:286.2-1.el8_8.noarch",
          "BaseOS-8.8.0.Z.TUS:cockpit-ws-0:286.2-1.el8_8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4802"
        },
        {
          "category": "external",
          "summary": "RHBZ#2451155",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451155"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4802",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4802"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4802",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4802"
        },
        {
          "category": "external",
          "summary": "https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210",
          "url": "https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210"
        }
      ],
      "release_date": "2026-05-11T12:34:26.148000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-27T23:06:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.src",
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-doc-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.E4S:cockpit-system-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.src",
            "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-bridge-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-doc-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.TUS:cockpit-system-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.TUS:cockpit-ws-0:286.2-1.el8_8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:21515"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nOperational risk reduction until fixes are available: restrict access to Cockpit to trusted networks/users only, and avoid opening untrusted crafted Cockpit URLs",
          "product_ids": [
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.src",
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-doc-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.E4S:cockpit-system-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.src",
            "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-bridge-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-doc-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.TUS:cockpit-system-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.TUS:cockpit-ws-0:286.2-1.el8_8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.src",
            "BaseOS-8.8.0.Z.E4S:cockpit-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-bridge-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.E4S:cockpit-doc-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.E4S:cockpit-system-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.ppc64le",
            "BaseOS-8.8.0.Z.E4S:cockpit-ws-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.src",
            "BaseOS-8.8.0.Z.TUS:cockpit-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-bridge-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-debuginfo-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-debugsource-0:286.2-1.el8_8.x86_64",
            "BaseOS-8.8.0.Z.TUS:cockpit-doc-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.TUS:cockpit-system-0:286.2-1.el8_8.noarch",
            "BaseOS-8.8.0.Z.TUS:cockpit-ws-0:286.2-1.el8_8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI"
    }
  ]
}

CVE-2026-4802 (GCVE-0-2026-4802)

Vulnerability from cvelistv5 – Published: 2026-05-11 12:48 – Updated: 2026-05-28 02:24

Title

Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

Summary

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

redhat

References

9 references

URL	Tags
https://access.redhat.com/errata/RHSA-2026:21390	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21394	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21395	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21468	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21515	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21516	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-4802	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2451155	issue-trackingx_refsource_REDHAT
https://github.com/cockpit-project/cockpit/blob/e…

Impacted products

13 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:334.2-1.el10_0 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:264.3-1.el8_6 , < * (rpm) cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:264.3-1.el8_6 , < * (rpm) cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:264.3-1.el8_6 , < * (rpm) cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:286.2-1.el8_8 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:286.2-1.el8_8 , < * (rpm) cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:356.2-1.el9_8 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:356.2-1.el9_8 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:264.3-1.el9_0 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:286.3-1.el9_2 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8

Date Public

2026-05-11 12:34

Credits

Red Hat would like to thank Gabriel Rodrigues (HAKAI) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4802",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T03:55:20.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-20T20:42:55.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/20/19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:334.2-1.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:264.3-1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:264.3-1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:264.3-1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:286.2-1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:286.2-1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:356.2-1.el9_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:356.2-1.el9_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:264.3-1.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:286.3-1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "cockpit",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Gabriel Rodrigues (HAKAI) for reporting this issue."
        }
      ],
      "datePublic": "2026-05-11T12:34:26.148Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T02:24:50.605Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:21390",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21390"
        },
        {
          "name": "RHSA-2026:21394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21394"
        },
        {
          "name": "RHSA-2026:21395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21395"
        },
        {
          "name": "RHSA-2026:21468",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21468"
        },
        {
          "name": "RHSA-2026:21515",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21515"
        },
        {
          "name": "RHSA-2026:21516",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21516"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4802"
        },
        {
          "name": "RHBZ#2451155",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451155"
        },
        {
          "url": "https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-25T10:32:01.264Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-05-11T12:34:26.148Z",
          "value": "Made public."
        }
      ],
      "title": "Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nOperational risk reduction until fixes are available: restrict access to Cockpit to trusted networks/users only, and avoid opening untrusted crafted Cockpit URLs"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4802",
    "datePublished": "2026-05-11T12:48:08.657Z",
    "dateReserved": "2026-03-25T10:34:38.394Z",
    "dateUpdated": "2026-05-28T02:24:50.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:21515

CVE-2026-4802 (GCVE-0-2026-4802)

Tags

Sightings

Nomenclature