CVE-2026-38992
Published 2026-04-29
Priority P2 · 62 · Critical 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.43% (34.2nd percentile)
Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.
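The page indexes no detection rule for this CVE. What follows is an added example, not Cockpit's own code and not an official rule: a request inspector that flags a MongoLite `$func` operator anywhere inside a `filter` parameter, whether the filter arrives URL-encoded in the query string or inside a JSON body, and walks nested operators such as `$and` so the key cannot be hidden one level down. The advisory names only `$func` and does not list the affected endpoints, so the endpoint path, the sample requests and the alias list (`$fn`, `$f`) are constructed assumptions; the flagged values are placeholders, since the detector keys on the operator, not on what it calls.

```python
"""Flag HTTP requests whose `filter` parameter carries a MongoLite `$func` operator.

Added example for CVE-2026-38992; not Cockpit's code and not an official rule.
All sample requests below are constructed; the endpoint path is assumed, the
advisory does not name the affected endpoints.
"""
import json
from urllib.parse import parse_qs, urlsplit

# `$func` is the operator named in the advisory. `$fn` and `$f` are an
# assumption (MongoLite accepts shorthand forms for some operators) so that a
# simple rename of the key does not evade the check.
SUSPICIOUS_OPERATORS = {"$func", "$fn", "$f"}


def find_operators(node, path="filter"):
    """Recursively collect (json_path, operator, value) for suspicious keys."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SUSPICIOUS_OPERATORS:
                hits.append((path, key, value))
            hits.extend(find_operators(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_operators(value, f"{path}[{index}]"))
    return hits


def extract_filters(target, body):
    """Return every candidate `filter` value from the query string and JSON body."""
    filters = []
    for raw in parse_qs(urlsplit(target).query).get("filter", []):
        try:
            filters.append(json.loads(raw))
        except json.JSONDecodeError:
            filters.append(raw)  # keep the raw text so the fallback check still runs
    if body:
        try:
            doc = json.loads(body)
        except json.JSONDecodeError:
            doc = None
        if isinstance(doc, dict) and "filter" in doc:
            filters.append(doc["filter"])
    return filters


def inspect_request(req):
    """Return the suspicious-operator hits for one request dict."""
    hits = []
    for flt in extract_filters(req["target"], req.get("body", "")):
        if isinstance(flt, str):
            # Filter that is not valid JSON (e.g. single quotes): substring fallback
            # on the quoted key, so a malformed-but-accepted variant is still seen.
            for op in sorted(SUSPICIOUS_OPERATORS):
                if f'"{op}"' in flt or f"'{op}'" in flt:
                    hits.append(("filter", op, flt))
        else:
            hits.extend(find_operators(flt))
    return hits


def scan_requests(requests):
    """Map request id -> list of hits; an empty list means nothing suspicious."""
    return {req["id"]: inspect_request(req) for req in requests}


# Constructed sample traffic. The path is assumed; values are placeholders.
SAMPLE_REQUESTS = [
    {"id": "benign-query", "method": "GET",
     "target": "/api/content/items/posts?filter=%7B%22published%22%3Atrue%7D"},
    {"id": "benign-body", "method": "POST", "target": "/api/content/items/posts",
     "body": '{"filter": {"title": {"$regex": "hello"}}, "limit": 10}'},
    {"id": "func-query", "method": "GET",
     "target": "/api/content/items/posts?filter=%7B%22%24func%22%3A%22example_callable%22%7D"},
    {"id": "func-body", "method": "POST", "target": "/api/content/items/posts",
     "body": '{"filter": {"$func": "example_callable"}}'},
    {"id": "func-nested", "method": "POST", "target": "/api/content/items/posts",
     "body": '{"filter": {"$and": [{"published": true}, {"title": {"$fn": "example_callable"}}]}}'},
    {"id": "func-malformed", "method": "GET",
     "target": "/api/content/items/posts?filter=%7B%27%24func%27%3A%27x%27%7D"},
]

if __name__ == "__main__":
    for rid, hits in scan_requests(SAMPLE_REQUESTS).items():
        print(rid, "ALERT" if hits else "ok", hits)
```

Run against real traffic by feeding `inspect_request` the decoded request target and body from your proxy or WAF log; a hit on any `filter` parameter from a host still below 2.14.0 is worth a ticket regardless of the value attached to the operator.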
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cockpit-hq | cockpit | >= 0 < 2.14.0 | 2.14.0 |
VulDB
Cockpit up to 2.13.5 Endpoint func privilege escalation
vuldb·2026-04-29
CVE-2026-38992 [CRITICAL] Cockpit up to 2.13.5 Endpoint func privilege escalation
A vulnerability was found in Cockpit up to 2.13.5. It has been rated as critical. The affected element is an unknown function of the component Endpoint. This manipulation of the argument func causes privilege escalation.
This vulnerability is tracked as CVE-2026-38992. The attack can be carried out remotely. No exploit exists.
GHSA
Cockpit is vulnerable to arbitrary code execution
ghsa·2026-04-29
CVE-2026-38992 [CRITICAL] CWE-94 Cockpit is vulnerable to arbitrary code execution
Cockpit versions 2.13.5 and earlier are vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.