CVE-2026-4631
CRITICAL NUCLEICockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
Title source: cnaDescription
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.
Exploits (2)
github
NO CODE
1 stars
by Hex0rc1st · pythonpoc
https://github.com/Hex0rc1st/CVE_POC_monitor/tree/main/article/uploads/demo_1776333073/【已复现】Cockpit 远程代码执行漏洞(CVE-2026-4631)安全风险通告
Nuclei Templates (1)
Cockpit Web Console < 360 - Remote Code Execution
CRITICALVERIFIEDby DhiyaneshDk
Shodan:
title:"Cockpit"
FOFA:
title="Cockpit"
References (7)
Scores
CVSS v3
9.8
EPSS
0.0311
EPSS Percentile
86.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (8)
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10
0:344-3.el10_1
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:334.1-3.el10_0
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Enterprise Linux 9
0:344-2.el9_7
Red Hat/Red Hat Enterprise Linux 9.6 Extended Update Support
0:334.2-2.el9_6
Published
Apr 07, 2026
Tracked Since
Apr 07, 2026