What is the CVSS score of CVE-2026-38993?

CVE-2026-38993 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.1%.

Is there a patch available for CVE-2026-38993?

Yes, a patch is available for CVE-2026-38993. Update the affected software to the latest version immediately.

Cockpit CMS CVE-2026-38993

EUVD-2026-26243 MEDIUM

Path Traversal (CWE-22)

2026-04-29 mitre

Path Traversal Red Hat

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

Apr 29, 2026 - 21:23 vuln.today

Analysis Generated

Apr 29, 2026 - 21:23 vuln.today

CVSS changed

Apr 29, 2026 - 21:22 NVD

6.5 (None) 6.5 (MEDIUM)

EUVD ID Assigned

Apr 29, 2026 - 15:30 euvd

EUVD-2026-26243

Analysis Generated

Apr 29, 2026 - 15:30 vuln.today

CVE Published

Apr 29, 2026 - 00:00 nvd

MEDIUM 6.5

DescriptionNVD

Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.

AnalysisAI

Cockpit CMS versions 2.13.5 and earlier allow authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets via directory traversal in the Buckets component. The vulnerability requires valid user authentication and does not impact confidentiality, but enables integrity compromise through malicious file placement or asset replacement. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory