Red Hat Product Errata RHSA-2026:21700 - Security Advisory
Issued:
2026-05-28
Updated:
2026-05-28

RHSA-2026:21700 - Security Advisory

Synopsis

Important: cockpit security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for cockpit is now available for Red Hat Enterprise Linux 8.10

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Cockpit enables users to administer GNU/Linux servers using a web browser. It
offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

Security Fix(es):

  • cockpit: Cockpit: Arbitrary command execution via crafted links in system logs

UI (CVE-2026-4802)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

  • RHEL-171012 - RHEL 8.10: IdleTimeout ignored for Chromium browsers

Red Hat Enterprise Linux for x86_64 8

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
x86_64
cockpit-310.8-1.el8_10.x86_64.rpm SHA-256: 563c4e126740997a1e49dd4b8dc65d0da121442c76ffee48aae340e845c453fe
cockpit-bridge-310.8-1.el8_10.x86_64.rpm SHA-256: 50c77fe66890f88d9cb607c5df44ba4be71545434b67b21eefb5c23e0de6dba7
cockpit-debuginfo-310.8-1.el8_10.x86_64.rpm SHA-256: c3ce24dec2362b951544389db81e7f99598cf6940792466be88c5daa33e8eeb9
cockpit-debugsource-310.8-1.el8_10.x86_64.rpm SHA-256: 38f1b3ed3c2762c3c439b0ce5b38a8199c472fb4b3e8e845b0cc700e1edf8e12
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.x86_64.rpm SHA-256: e814ba0e17c66a5d41032d3f012135d08e945ed31c0cdc7c6c50917535e61962

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
s390x
cockpit-310.8-1.el8_10.s390x.rpm SHA-256: 30e0f95b2f07271e4c2708484a425918836f88383557121539d80b48626b2e91
cockpit-bridge-310.8-1.el8_10.s390x.rpm SHA-256: 0c6195ca2119304bb6ff737e906f0228dd332d60670bf6f83423db7af67473ef
cockpit-debuginfo-310.8-1.el8_10.s390x.rpm SHA-256: d68b9bfa71740d86c191b85e6c484e04af4bfd2eab52098dc6b35e934133f152
cockpit-debugsource-310.8-1.el8_10.s390x.rpm SHA-256: cb41fc87b9546ae1aae7ae9e7ee0c44b78765a4c8ee521b170e0fba06c9393d1
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.s390x.rpm SHA-256: b5d03eb7c3e671ef2d1edfbdc7a47c353685c609f201ec1883cf3eba1e48aa07

Red Hat Enterprise Linux for Power, little endian 8

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
ppc64le
cockpit-310.8-1.el8_10.ppc64le.rpm SHA-256: 0dcf5430dbd44899a7357528441428dfca5b826be5206e168d68ef4cf7a76ac4
cockpit-bridge-310.8-1.el8_10.ppc64le.rpm SHA-256: 7d1734298f7b653ce413b304c1ca1f000749151269e0aa88cc2d6bf2e84b6296
cockpit-debuginfo-310.8-1.el8_10.ppc64le.rpm SHA-256: b12d97c60884e4b80d5f32150848fd8939a4aa321564661a2449269a92b66fd7
cockpit-debugsource-310.8-1.el8_10.ppc64le.rpm SHA-256: 479479a8a3f4aaeb9451ef6673f29d994933d67d5a19b64af178c90cd5b1208c
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.ppc64le.rpm SHA-256: 7013bf42575463d34267a6706a39ae744585e84e5a8910821832b025e38a5fef

Red Hat Enterprise Linux for ARM 64 8

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
aarch64
cockpit-310.8-1.el8_10.aarch64.rpm SHA-256: 35962ca16cd896bcb8b0b8dae2b1666f905fe98caa7001d979fc9633e9e436c6
cockpit-bridge-310.8-1.el8_10.aarch64.rpm SHA-256: c39f900a972724792ebd3acc740a76c7b51df25c25d20e01ba4fffc8d8b5a0c7
cockpit-debuginfo-310.8-1.el8_10.aarch64.rpm SHA-256: 408c0c5f9954fd7b77eeb86c9b360f76258caa0d942387ada0c6b9a445d70ca2
cockpit-debugsource-310.8-1.el8_10.aarch64.rpm SHA-256: bab50af5a5c83a93da146805d4a1678e1d16ea16a4119a57b96080e35a0e0bff
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.aarch64.rpm SHA-256: 47a01b93183a69add75585817e5ab2510c1661b8d8987b8c4e8044d782634078

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
x86_64
cockpit-310.8-1.el8_10.x86_64.rpm SHA-256: 563c4e126740997a1e49dd4b8dc65d0da121442c76ffee48aae340e845c453fe
cockpit-bridge-310.8-1.el8_10.x86_64.rpm SHA-256: 50c77fe66890f88d9cb607c5df44ba4be71545434b67b21eefb5c23e0de6dba7
cockpit-debuginfo-310.8-1.el8_10.x86_64.rpm SHA-256: c3ce24dec2362b951544389db81e7f99598cf6940792466be88c5daa33e8eeb9
cockpit-debugsource-310.8-1.el8_10.x86_64.rpm SHA-256: 38f1b3ed3c2762c3c439b0ce5b38a8199c472fb4b3e8e845b0cc700e1edf8e12
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.x86_64.rpm SHA-256: e814ba0e17c66a5d41032d3f012135d08e945ed31c0cdc7c6c50917535e61962

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
aarch64
cockpit-310.8-1.el8_10.aarch64.rpm SHA-256: 35962ca16cd896bcb8b0b8dae2b1666f905fe98caa7001d979fc9633e9e436c6
cockpit-bridge-310.8-1.el8_10.aarch64.rpm SHA-256: c39f900a972724792ebd3acc740a76c7b51df25c25d20e01ba4fffc8d8b5a0c7
cockpit-debuginfo-310.8-1.el8_10.aarch64.rpm SHA-256: 408c0c5f9954fd7b77eeb86c9b360f76258caa0d942387ada0c6b9a445d70ca2
cockpit-debugsource-310.8-1.el8_10.aarch64.rpm SHA-256: bab50af5a5c83a93da146805d4a1678e1d16ea16a4119a57b96080e35a0e0bff
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.aarch64.rpm SHA-256: 47a01b93183a69add75585817e5ab2510c1661b8d8987b8c4e8044d782634078

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
ppc64le
cockpit-310.8-1.el8_10.ppc64le.rpm SHA-256: 0dcf5430dbd44899a7357528441428dfca5b826be5206e168d68ef4cf7a76ac4
cockpit-bridge-310.8-1.el8_10.ppc64le.rpm SHA-256: 7d1734298f7b653ce413b304c1ca1f000749151269e0aa88cc2d6bf2e84b6296
cockpit-debuginfo-310.8-1.el8_10.ppc64le.rpm SHA-256: b12d97c60884e4b80d5f32150848fd8939a4aa321564661a2449269a92b66fd7
cockpit-debugsource-310.8-1.el8_10.ppc64le.rpm SHA-256: 479479a8a3f4aaeb9451ef6673f29d994933d67d5a19b64af178c90cd5b1208c
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.ppc64le.rpm SHA-256: 7013bf42575463d34267a6706a39ae744585e84e5a8910821832b025e38a5fef

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
cockpit-310.8-1.el8_10.src.rpm SHA-256: bc5bc731187d964c5d997310ab31ce56689b24d078af0597d6a8e6f3209efd7a
s390x
cockpit-310.8-1.el8_10.s390x.rpm SHA-256: 30e0f95b2f07271e4c2708484a425918836f88383557121539d80b48626b2e91
cockpit-bridge-310.8-1.el8_10.s390x.rpm SHA-256: 0c6195ca2119304bb6ff737e906f0228dd332d60670bf6f83423db7af67473ef
cockpit-debuginfo-310.8-1.el8_10.s390x.rpm SHA-256: d68b9bfa71740d86c191b85e6c484e04af4bfd2eab52098dc6b35e934133f152
cockpit-debugsource-310.8-1.el8_10.s390x.rpm SHA-256: cb41fc87b9546ae1aae7ae9e7ee0c44b78765a4c8ee521b170e0fba06c9393d1
cockpit-doc-310.8-1.el8_10.noarch.rpm SHA-256: ee5444a8e82d39824ae85d36564885eb6db1d1fc7e8de3ddc47686355f1b45c5
cockpit-system-310.8-1.el8_10.noarch.rpm SHA-256: 5513427a6ac5bb313e555d180e216ca1eff3a64e1ad69945706a5df4e8e6c9b6
cockpit-ws-310.8-1.el8_10.s390x.rpm SHA-256: b5d03eb7c3e671ef2d1edfbdc7a47c353685c609f201ec1883cf3eba1e48aa07

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.