Zero Day MonitorZDM

← Back to list

8.0

CVE-2026-4802

red hat · red hat enterprise linux

Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

Description

A vulnerability categorized as critical has been discovered in Cockpit-HQ Cockpit. This issue affects some unknown processing of the component System Logs User Interface. Executing a manipulation can lead to os command injection. This vulnerability appears as CVE-2026-4802. The attack may be performed from remote.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/security/cve/CVE-2026-4802(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2451155(issue-tracking, x_refsource_REDHAT)
https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-4802 | Cockpit-HQ Cockpit System Logs User Interface os command injection

→ No new info (linked only)

CVSS 3.18.0 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-78

PublishedMay 11, 2026

Last enriched5h agov2

Trending Score27

Source articles1

Independent1

Info Completeness6/14

Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-4424

Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

NONECVE-2026-33845

Gnutls: gnutls: denial of service via dtls zero-length fragment

NONECVE-2026-3832

Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response

Multiple vulnerabilities in Red Hat Linux kernel

NONECVE-2026-42010

Gnutls: gnutls: authentication bypass via nul character in username

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 11, 2026

Discovered by ZDM

May 11, 2026

Updated: description, severity

May 11, 2026

Version History

v2

Last enriched 5h ago

v2Tier C6h ago

Updated vendor to Cockpit-HQ, product to Cockpit, severity to CRITICAL, and corrected exploit availability to false.

descriptionseverity

via VulDB

v16h ago

Initial creation