Is Cockpit CMS affected by CVE-2026-38992?

Cockpit CMS versions 2.13.5 and earlier contain a critical remote code execution vulnerability affecting unauthenticated users, enabling complete server compromise through malicious filter parameters.

Cockpit CMS CVE-2026-38992

EUVD-2026-26232 CRITICAL

Code Injection (CWE-94)

2026-04-29 mitre

Code Injection RCE N A

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Source Code Evidence Fetched

Apr 30, 2026 - 16:22 vuln.today

Analysis Generated

Apr 30, 2026 - 16:22 vuln.today

CVSS changed

Apr 30, 2026 - 16:22 NVD

9.8 (None) 9.8 (CRITICAL)

DescriptionNVD

Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.

AnalysisAI

Remote code execution in Cockpit CMS versions 2.13.5 and earlier allows unauthenticated attackers to execute arbitrary system commands on the server by injecting malicious payloads through the filter parameter across multiple endpoints. The vulnerability exploits the MongoLite database layer's $func operator, which processes user-controlled input as executable code. …

RemediationAI

Within 24 hours: Identify all Cockpit CMS deployments and document versions in use; immediately isolate affected instances from production networks or restrict inbound access to trusted sources only. Within 7 days: Evaluate migration to alternative CMS platforms or implement Web Application Firewall (WAF) rules blocking requests containing suspicious MongoLite $func operator syntax in filter parameters across all endpoints. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-38992 vulnerability details – vuln.today

Back

Cockpit CMS CVE-2026-38992

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code