Severity by source
Primary rating from Vendor (VulDB):
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible with no authentication or user interaction required; impact is limited to partial confidentiality loss (configuration file exposure), with no integrity or availability consequence. The E:P (proof-of-concept) threat metric is consistent with the statement below that an exploit has been published.
Description (source: CVE.org)
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories being accessible to external parties. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Unauthenticated remote exposure of files and directories in agentejo Cockpit CMS 0.12.2 and earlier lets an attacker retrieve the application's YAML configuration, /config/config.yaml, which the htaccess Handler fails to keep out of reach of external parties. The weakness is CWE-552 (Files or Directories Accessible to External Parties); the affected file is the one loaded through Spyc::YAMLLoad, and it can hold sensitive settings such as database credentials, API keys or internal path structures. Note that the vendor description names a fixed path and does not describe a path traversal (CWE-22): the issue is the exposure of a known file, not an escape from the web root. …
Vulnerability Assessment (AI-generated)
| Exploitation | Target must be running agentejo Cockpit CMS version 0.12.2 or earlier with the htaccess Handler component active; this is the default configuration for Apache-hosted deployments. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 6.9 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N) reflects a remotely exploitable, low-complexity flaw requiring no authentication, but with only low confidentiality impact; no integrity or availability consequences are assessed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker sends a plain HTTP GET request for the configuration file of a publicly reachable Cockpit CMS instance (e.g., GET /config/config.yaml). The advisory names a fixed path, so no traversal sequence is involved. Because the .htaccess-based restriction is not reliably enforced by the handler, the server returns the raw contents of the YAML configuration file, potentially exposing database credentials, API keys, or internal directory structures. A 200 status alone is not proof of exposure: a front controller that answers every path with an HTML page must be distinguished from a response carrying the actual YAML body. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the vendor (agentejo) did not respond to disclosure. Until one exists, the practical control is to deny HTTP access to the config directory at the web server, since the application reads config.yaml from disk and never needs it served over HTTP. … Detailed patch versions, workarounds, and compensating controls in full report. |
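The exploit scenario above reduces to a single unauthenticated GET and a decision about whether the body that comes back is really the YAML file. The probe below is an added example for this page, not code from the agentejo/Cockpit project. It assumes the file is served at <base_url>/config/config.yaml and that a leaked Cockpit config carries top-level keys such as app.name, sec-key or database (an assumption about the config layout; adjust the list for your deployment). The sample response bodies are constructed for the example.

```python
"""Probe a Cockpit CMS instance for unauthenticated exposure of /config/config.yaml.

Added example, not Cockpit project code. Assumptions: the config is served at
<base_url>/config/config.yaml, and a real config has top-level keys such as
'app.name', 'sec-key' or 'database'.
"""
import re
import sys
import urllib.error
import urllib.request

CONFIG_PATH = "/config/config.yaml"
# Keys a leaked Cockpit config would plausibly contain (assumption).
SENSITIVE_KEYS = ("sec-key", "database", "mailer", "app.name")
# Top-level YAML keys only: the regex anchors at column 0, so indented
# sub-keys ("  server: ...") are deliberately not matched.
_TOP_LEVEL_KEY = re.compile(r"^([A-Za-z0-9_.\-]+)\s*:", re.MULTILINE)

# Constructed sample responses (not captured from any real host).
LEAK_BODY = (
    b"app.name: Cockpit\n"
    b"sec-key: c3ccdfd7d9b4a1f3   # constructed sample, not a real key\n"
    b"database:\n"
    b"  server: mongodb://db:27017\n"
    b"  options: {db: cockpitdb}\n"
)
HTML_BODY = b"<!DOCTYPE html><html><body>Cockpit</body></html>"


def leaked_keys(body):
    """Sorted list of top-level YAML keys found in a response body."""
    text = body.decode("utf-8", "replace")
    return sorted(set(_TOP_LEVEL_KEY.findall(text)))


def classify_config_response(status, content_type, body):
    """Return 'exposed', 'blocked' or 'inconclusive' for a GET of config.yaml.

    A 200 alone proves nothing: many CMS front controllers answer every path
    with 200 and an HTML page, so the body must actually look like YAML.
    """
    if status in (401, 403, 404):
        return "blocked"
    if status != 200:
        return "inconclusive"
    text = body.decode("utf-8", "replace").lstrip()
    if text.startswith("<") or "text/html" in (content_type or "").lower():
        return "inconclusive"  # catch-all HTML page, not the file itself
    keys = set(leaked_keys(body))
    if keys & set(SENSITIVE_KEYS) or len(keys) >= 2:
        return "exposed"
    return "inconclusive"


def probe(base_url, timeout=10):
    """GET the config file and classify the response. Redirects (e.g. to a
    login page) are followed, which lands them in the 'inconclusive' bucket."""
    url = base_url.rstrip("/") + CONFIG_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "config-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, ctype, body = resp.status, resp.headers.get("Content-Type", ""), resp.read()
    except urllib.error.HTTPError as err:
        status, ctype, body = err.code, err.headers.get("Content-Type", ""), err.read()
    verdict = classify_config_response(status, ctype, body)
    return verdict, status, leaked_keys(body) if verdict == "exposed" else []


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py https://cockpit.example.test")
    print(probe(sys.argv[1]))
```

Report only the key names, never the values: the point of the check is to show that the file is reachable, and copying a leaked sec-key or database URI into a ticket creates a second exposure. Re-run the probe after adding a web-server deny rule for the config directory; the expected verdict is then "blocked" (403 or 404).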
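Because no patch is identified, the compensating control is to refuse every HTTP request for the config directory at the web server. The .htaccess fragment below is an added example for this page, not Cockpit's shipped .htaccess, and assumes an Apache 2.4 host with mod_rewrite and AllowOverride enabled for the document root; nginx deployments need the equivalent deny rule in the server block instead.

```apache
# Added example, not Cockpit's own .htaccess. Drop into the Cockpit document
# root. The PHP front controller reads config.yaml from disk, so no browser
# request ever needs to reach /config/; answer all of them with 403.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # In .htaccess context the matched path has no leading slash.
    RewriteRule ^config(/|$) - [F,L]
</IfModule>

# Belt and braces if mod_rewrite is missing: deny the file itself, wherever
# it sits under this directory (.htaccess applies to subdirectories too).
<Files "config.yaml">
    Require all denied
</Files>
```

After reloading, GET /config/config.yaml must return 403; if it still returns the file, AllowOverride is not permitting the rewrite, and the same rule has to go into the vhost configuration instead.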
Technique: Information Disclosure
External POC / Exploit Code
EUVD-2026-40030
GHSA-q4hh-wg87-823q