Vulnerability Description
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90
- https://github.com/agentejo/cockpit
- https://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa7
- https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execu
FAQ
What is CVE-2026-34965?
CVE-2026-34965 is a vulnerability with a CVSS score of 8.8 (HIGH). Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges...
How severe is CVE-2026-34965?
CVE-2026-34965 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34965?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.