EUVD-2026-19814
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.
Analysis
Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the host system by injecting malicious SSH options through the login endpoint. Affecting Red Hat Enterprise Linux versions 7 through 10, this critical pre-authentication vulnerability (CVSS 9.8) requires no credentials and executes code before any authentication checks occur. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Cockpit deployments across RHEL 7-10 systems and immediately restrict network access to Cockpit web interface (default port 9090) to trusted networks only via firewall rules or network segmentation; disable Cockpit service on internet-facing systems if operationally feasible. Within 7 days: Monitor Red Hat Security Advisories (RHSA) and Customer Portal for patch availability; establish a patching schedule for immediate deployment once vendor release is confirmed. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today