Is there a public PoC exploit available for CVE-2026-6626?

Yes, a public proof-of-concept exploit is available for CVE-2026-6626. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-6626?

Yes, a patch is available for CVE-2026-6626. Update the affected software to the latest version immediately.

Cockpit CVE-2026-6626

Q: What is the CVSS score of CVE-2026-6626?

CVE-2026-6626 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-23822 LOW

Improper Neutralization of Special Elements in Data Query Logic (CWE-943)

2026-04-20 VulDB

GHSA-5pv2-86qj-5jf9

Nosql Injection Information Disclosure Cockpit

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:12 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:12 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Patch released

Apr 24, 2026 - 02:30 nvd

Patch available

Analysis Generated

Apr 20, 2026 - 10:28 vuln.today

CVSS changed

Apr 20, 2026 - 10:22 NVD

6.3 (MEDIUM) 5.3 (MEDIUM)

EUVD ID Assigned

Apr 20, 2026 - 10:15 euvd

EUVD-2026-23822

Analysis Generated

Apr 20, 2026 - 10:15 vuln.today

CVE Published

Apr 20, 2026 - 09:45 nvd

LOW 2.1

DescriptionCVE.org

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

NoSQL injection in Cockpit-HQ Cockpit up to version 2.13.5 allows authenticated remote attackers to manipulate data query logic through the Asset Handler or Aggregate Handler components, resulting in information disclosure with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain valid Cockpit credentials

Delivery

Authenticate to Cockpit instance

Exploit

Access Asset Handler or Aggregate Handler endpoint

Execution

Inject NoSQL operator in query parameter

Persist

Bypass data access restrictions

Impact

Extract unauthorized data