CVE-2026-38993
Published 2026-04-29
Priority: P3 · 42 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.83% (53.1st percentile)
Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agentejo | cockpit | — | — |
| cockpit-hq | cockpit | >= 0 < 2.14.0 | 2.14.0 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
vendor_redhat · 6.5 MEDIUM
Red Hat
Cockpit: Cockpit: Arbitrary file write via directory traversal in Buckets component
vendor_redhat · 2026-04-29 · CVSS 6.5 · MEDIUM · CWE-22
A flaw was found in Cockpit. This vulnerability, identified as a directory traversal, allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite existing assets with malicious versions. The exploitation occurs via the Buckets component. This could lead to unauthorized modification of data and potential system compromise.
Package: cockpit (Red Hat Enterprise Linux 10) - Not affected
Package: cockpit (Red Hat Enterprise Linux 7) - Not affected
Package: cockpit (Red Hat Enterprise Linux 8) - Not affected
Package: cockpit (Red Hat Enterprise Linux 9) - Not affected
GHSA
Cockpit is vulnerable to directory traversal
ghsa · 2026-04-29 · MEDIUM · CWE-22
Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
VulDB
Cockpit up to 2.13.5 Buckets path traversal
vuldb · 2026-04-29 · CVSS 6.5 · MEDIUM
A vulnerability was found in Cockpit up to 2.13.5. It has been classified as critical. The impacted element is an unknown function of the component Buckets. This manipulation causes path traversal.
The identification of this vulnerability is CVE-2026-38993. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-38993 cockpit: Cockpit: Arbitrary file write via directory traversal in Buckets component [fedora-all]
bugzilla · 2026-04-30 · CVSS 6.5 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-38993 Cockpit: Cockpit: Arbitrary file write via directory traversal in Buckets component
bugzilla · 2026-04-29 · CVSS 6.5 · MEDIUM
Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
References
https://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/
https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0
https://access.redhat.com/security/cve/CVE-2026-38993
https://bugzilla.redhat.com/show_bug.cgi?id=2463843
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-38993.json
Published: 2026-04-29