CVE-2026-34965
Cockpit CMS Authenticated Remote Code Execution via Collections
Vexday Risk Score
41Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 8.7EPSS 0.8%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
29 abr 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Cockpit · Cockpit CMSPoCs públicas encontradas — 1
cve_referencegist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90https://github.com/agentejo/cockpithttps://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa789b9https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execution-via-collections