CVE-2026-13533

MEDIUM 5.3

agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-552 CWE-425
Vendor	agentejo
Product	cockpit cms
Published	Jun 29, 2026

Stay Ahead of the Next One

Get instant alerts for agentejo cockpit cms

Be the first to know when new medium vulnerabilities affecting agentejo cockpit cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

agentejo / Cockpit CMS

0.12.0 0.12.1 0.12.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/374541 vuldb.com: https://vuldb.com/vuln/374541/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13533 vuldb.com: https://vuldb.com/submit/841343 gist.github.com: https://gist.github.com/nov-1337/3eb0a06c602ced9c3b11b675b53947da

Credits

🔍 nov_ (VulDB User) VulDB CNA Team