CVE-2026-5300

MEDIUM

Missing Authentication for Critical Function in coolercontrold

Title source: cna

Description

Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests

References (2)

https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.1/coolercontrold/src/api/router.rs?ref_type=tags

View Writeup ZIP pw:eip

https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0

Scores

CVSS v3 5.9

EPSS 0.0002

EPSS Percentile 3.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (2)

coolercontrol/coolercontrold < 4.0.0

CoolerControl/coolercontrold 0.14.0 - 4.0.0

Published Apr 08, 2026

Tracked Since Apr 08, 2026