CVE-2026-38992

216.73.217.174

· Published 29/04/2026 15:16 · Modified 29/04/2026 21:22

Labels: CVE-2026-38992 2026-04-29 CVE-2026-38992 [email protected]

Essential information

Published: 29/04/2026 15:16
Modified: 29/04/2026 21:22
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
cockpit / cockpit	`cpe:2.3:a:cockpit:cockpit:<2.13.5::::::`

CVE-2026-38992

Essential information

Description

NVD status

Affected products (CPE)

References