Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-29T00:00:00 Cockpit: Cockpit: Arbitrary file write via directory traversal in Buckets component 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CWE-22

A flaw was found in Cockpit. This vulnerability, identified as a directory traversal, allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite existing assets with malicious versions. The exploitation occurs via the Buckets component. This could lead to unauthorized modification of data and potential system compromise.

Red Hat Enterprise Linux 10 Not affected cockpit Red Hat Enterprise Linux 7 Not affected cockpit Red Hat Enterprise Linux 8 Not affected cockpit Red Hat Enterprise Linux 9 Not affected cockpit https://www.cve.org/CVERecord?id=CVE-2026-38993 https://nvd.nist.gov/vuln/detail/CVE-2026-38993 https://felsec.com/posts/cockpit-cms-2.13.5-multi-vulns/ https://github.com/Cockpit-HQ/Cockpit/releases/tag/2.14.0