Bug 2451155 (CVE-2026-4802)
| Summary: | CVE-2026-4802 cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | agk, duffy, jvanderwaa, rhel-process-autobot, security-response-team, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2480095 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-25 10:32:45 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:21390 https://access.redhat.com/errata/RHSA-2026:21390 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:21395 https://access.redhat.com/errata/RHSA-2026:21395 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:21394 https://access.redhat.com/errata/RHSA-2026:21394 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:21392 https://access.redhat.com/errata/RHSA-2026:21392 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:21468 https://access.redhat.com/errata/RHSA-2026:21468 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:21515 https://access.redhat.com/errata/RHSA-2026:21515 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:21516 https://access.redhat.com/errata/RHSA-2026:21516 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:21647 https://access.redhat.com/errata/RHSA-2026:21647 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:21676 https://access.redhat.com/errata/RHSA-2026:21676 Upstream advisory: https://github.com/cockpit-project/cockpit/security/advisories/GHSA-6jmq-qw8f-w3r6 Upstream commit: https://github.com/cockpit-project/cockpit/commit/e3a47d70f99a0dbbb427b3146ae9571cecc44296 Fixed upstream in versions 362 and 356.2. |