Cockpit-project Cockpit
5 CVEs affecting Cockpit-project Cockpit. Latest disclosed: 2026-07-02. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-58467 | High | 7.5 | 2026-07-02 | Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files o… |
| CVE-2021-3698 | High | 7.5 | 2022-03-10 | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD)… |
| CVE-2019-3804 | High | 7.5 | 2019-03-26 | It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated at… |
| CVE-2020-35850 | Medium | 6.5 | 2020-12-30 | An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't thin… |
| CVE-2021-3660 | Medium | 4.3 | 2022-03-10 | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside… |