CVE-2026-34965
Cockpit CMS Authenticated Remote Code Execution via Collections
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint. An authenticated user with collection management privileges can place arbitrary PHP code in a collection's rule parameters; the rule text is written verbatim into a server-side PHP file that the application later loads with include(), so the injected code is executed by the PHP interpreter and the attacker gains arbitrary command execution on the underlying server.
| Field | Value |
| --- | --- |
| CWE | CWE-94 |
| Vendor | cockpit |
| Product | cockpit cms |
| Published | Apr 29, 2026 |
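As an added illustration (not Cockpit's code, and not the proof of concept from the referenced gist), the following PHP contrasts the weak pattern the advisory describes, rule text persisted into a PHP file and loaded with include(), with a data-only alternative in which rules are validated against an allow-list, stored as JSON and evaluated without include() or eval(). All function names, the rule format, the file layout and the sample inputs are hypothetical; it assumes PHP 8.

```php
<?php
// Added illustration of the CWE-94 pattern in the advisory; this is NOT
// Cockpit's code. Function names, file layout and the rule format are
// hypothetical. Requires PHP 8 (match expression, mixed type).
declare(strict_types=1);

// ---- Weak pattern: rule text is persisted as PHP source and include()d ----
// $rules maps an event name to a string supplied by the request. Whatever
// that string contains becomes part of a .php file and runs when loaded.
function saveRulesAsPhp(string $dir, string $name, array $rules): string
{
    $path = $dir . '/' . $name . '.rules.php';
    $src  = "<?php\n\$handlers = [];\n";
    foreach ($rules as $event => $body) {
        // Verbatim interpolation: the caller is expected to send a closure
        // expression, but any extra statement after ";" is executed too.
        $src .= "\$handlers['{$event}'] = {$body};\n";
    }
    file_put_contents($path, $src);
    return $path;
}

function loadRulesFromPhp(string $path): array
{
    $handlers = [];
    include $path;   // executes the file written above, injected code included
    return $handlers;
}

// ---- Data-only pattern: rules are validated and stored as JSON ----
const RULE_FIELDS = ['group', 'status', 'owner'];
const RULE_OPS    = ['eq', 'neq', 'in'];

function validateRule(mixed $rule): bool
{
    return is_array($rule)
        && isset($rule['field'], $rule['op'])
        && array_key_exists('value', $rule)
        && in_array($rule['field'], RULE_FIELDS, true)
        && in_array($rule['op'], RULE_OPS, true)
        && (is_scalar($rule['value']) || is_array($rule['value']));
}

function saveRulesAsData(string $dir, string $name, array $rules): string
{
    foreach ($rules as $event => $list) {
        if (!is_array($list)) {
            throw new InvalidArgumentException("bad rule list for event $event");
        }
        foreach ($list as $rule) {
            if (!validateRule($rule)) {
                throw new InvalidArgumentException("rejected rule for event $event");
            }
        }
    }
    $path = $dir . '/' . basename($name) . '.rules.json'; // basename(): no ../ escape
    file_put_contents($path, json_encode($rules, JSON_THROW_ON_ERROR));
    return $path;
}

function ruleMatches(array $rule, array $ctx): bool
{
    $actual = $ctx[$rule['field']] ?? null;
    return match ($rule['op']) {
        'eq'  => $actual === $rule['value'],
        'neq' => $actual !== $rule['value'],
        'in'  => is_array($rule['value']) && in_array($actual, $rule['value'], true),
    };
}

function evaluateRules(string $path, string $event, array $ctx): bool
{
    $rules = json_decode(file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
    foreach ($rules[$event] ?? [] as $rule) {
        if (!ruleMatches($rule, $ctx)) {
            return false;
        }
    }
    return true;
}

// ---- Demo on constructed input (not taken from the advisory) ----
$dir     = sys_get_temp_dir();
$payload = "fn(array \$ctx) => true; echo 'injected code ran'";

// Weak path: the "rule" carries an extra statement that runs on include().
loadRulesFromPhp(saveRulesAsPhp($dir, 'posts', ['read' => $payload]));

// Data path: the identical string is accepted only as an operand value and is
// compared, never executed.
$json = saveRulesAsData($dir, 'posts', ['read' => [
    ['field' => 'group', 'op' => 'eq', 'value' => $payload],
]]);
var_dump(evaluateRules($json, 'read', ['group' => 'admin']));
var_dump(evaluateRules($json, 'read', ['group' => $payload]));
```

Run it with `php example.php`: the weak path prints the injected string while the rules file is being loaded, whereas the data path prints one `false` (no match) and one `true` (the string matched as plain data) and nothing else. The point of the contrast is that the fix for this weakness class is not escaping the rule text but never letting request data reach an executable file.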
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected Versions
Cockpit / Cockpit CMS: 0 ≤ 494765e (short hash of commit 494765e4f0fb9484f320aee0c6ee889b6fa789b9)
References
- github.com: https://github.com/agentejo/cockpit
- gist.github.com: https://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90
- github.com: https://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa789b9
- vulncheck.com: https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execution-via-collections
Credits
Piyush Kumar Shukla