NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-38992

Summary	Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.
Publication Date	April 30, 2026, 12:16 a.m.
Registration Date	April 30, 2026, 4:10 a.m.
Last Update	April 30, 2026, 12:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/	cve@mitre.org
2	https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0	cve@mitre.org

Common Vulnerabilities List