What is CVE-2026-4802?

CVE-2026-4802 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under OS Command Injection. CVSS score: 8.0/10. Published 2026-05-11.

How severe is CVE-2026-4802?

High severity. CVSS v3 base score is 8.0 out of 10.

Is CVE-2026-4802 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Red Hat Enterprise Linux 10

CVE-2026-4802

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). A…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (51.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Red Hat Enterprise Linux 10 — versions 0:356.2-1.el10_2
Red Hat Enterprise Linux 10.0 Extended Update Support — versions 0:334.2-1.el10_0
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 0:310.8-1.el8_10
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support — versions 0:264.3-1.el8_6
Red Hat Enterprise Linux 8.6 Telecommunications Update Service — versions 0:264.3-1.el8_6
Red Hat Enterprise Linux 8.6 Update Services For Sap Solutions — versions 0:264.3-1.el8_6
Red Hat Enterprise Linux 8.8 Telecommunications Update Service — versions 0:286.2-1.el8_8
Red Hat Enterprise Linux 8.8 Update Services For Sap Solutions — versions 0:286.2-1.el8_8
Red Hat Enterprise Linux 9 — versions 0:356.2-1.el9_8

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

hakaioffsec/CVE-2026-4802

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
secalert@redhat.com
af854a3a-2127-422b-91ae-364da2661108
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2026-4802?: CVE-2026-4802 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under OS Command Injection. CVSS score: 8.0/10. Published 2026-05-11.
How severe is CVE-2026-4802?: High severity. CVSS v3 base score is 8.0 out of 10.
Is CVE-2026-4802 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.