agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access_CVE-2026-13533

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-13533

Source VulDB

Published Jun 29, 2026 at 04:00

Affected Product

Vendor agentejo

Product Cockpit CMS

Version 0.12.0

Affected Versions agentejo Cockpit CMS 0.12.0
agentejo Cockpit CMS 0.12.1
agentejo Cockpit CMS 0.12.2

CWE Classification

CWE-552 CWE-425

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-29T04:00:07.810Z",
    "modified": "2026-06-29T04:00:07.810Z",
    "type": "cve",
    "title": "agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/374541\nhttps://vuldb.com/vuln/374541/cti\nhttps://vuldb.com/cve/CVE-2026-13533\nhttps://vuldb.com/submit/841343\nhttps://gist.github.com/nov-1337/3eb0a06c602ced9c3b11b675b53947da",
    "id": "CVE-2026-13533",
    "bulletinFamily": "",
    "cwe": [
        "CWE-552",
        "CWE-425"
    ],
    "cvelist": null,
    "sourceData": "agentejo Cockpit CMS 0.12.0\nagentejo Cockpit CMS 0.12.1\nagentejo Cockpit CMS 0.12.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cockpit CMS",
    "version": "0.12.0",
    "vendor": "agentejo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}