CVE-2026-34965
HIGHCockpit CMS Authenticated Remote Code Execution via Collections
Title source: cnaDescription
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
References (4)
Scores
CVSS v3
8.8
EPSS
0.0039
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
Cockpit/Cockpit CMS
< 494765e
Published
Apr 29, 2026
Tracked Since
Apr 30, 2026