CVE 8.8 HIGH

CVE-2026-38991_CVE-2026-38991

April 29, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code to be executed on the underlying server.

AI Analysis

Misconfiguration in Bucket component allowing arbitrary code execution

Basic Information

ID CVE-2026-38991

Source mitre

Published Apr 29, 2026 at 00:00

Modified Apr 29, 2026 at 20:23

Affected Product

Vendor Cockpit-HQ

Product Cockpit

Version 2.13.5

Affected Versions n/a n/a n/a

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Cockpit-HQ

Product Cockpit

Version 2.13.5

References

{
    "lastseen": "",
    "description": "Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code to be executed on the underlying server.",
    "published": "2026-04-29T00:00:00.000Z",
    "modified": "2026-04-29T20:23:41.211Z",
    "type": "cve",
    "title": "CVE-2026-38991",
    "source": "mitre",
    "references": "https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0\nhttps://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/",
    "id": "CVE-2026-38991",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cockpit",
    "version": "2.13.5",
    "vendor": "Cockpit-HQ",
    "ai_description": "Misconfiguration in Bucket component allowing arbitrary code execution",
    "ai_severity": "High",
    "ai_vendor": "Cockpit-HQ",
    "ai_product": "Cockpit",
    "ai_version": "2.13.5",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply