CVE-2026-34965

Published: Apr 29, 2026

Modified: May 1, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.

Vendor	Product	Versions
Cockpit	Cockpit CMS	affected `0 - <= 494765e`

Weaknesses (CWE)

CWE-94

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/agentejo/cockpit

product

https://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90

exploit

technical-description

https://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa789b9

third-party-advisory

https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execution-via-collections

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-34965

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References