cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update is available for cockpit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...

RLSA-2026:7384 Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...

Fedora 42 : cockpit (2026-134819a61b)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-134819a61b advisory. - ws: be more explicit when handling hostnames on cli CVE-2026-4631 Tenable has extracted the preceding description block directly from the Fedora security...

Exploit for CVE-2026-4631

CVE-2026-4631 — Code Analysis Cockpit: Unauthenticated Rem...

RHEL 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7383)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7383 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Updated cockpit-338 packages fix security vulnerability

Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...

cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

344-3.0.1 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation...

SUSE-SU-2026:21106-1 Security update for cockpit

This update for cockpit fixes the following issues: Changes in cockpit: - CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution bsc1261829...

Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

An update for cockpit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7384)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7384 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELin...

RHEL 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7381)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7381 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

Fedora: Security Advisory (FEDORA-2026-42f1aaa820)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALSA-2026:7383 Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...

Fedora 43 : cockpit (2026-42f1aaa820)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-42f1aaa820 advisory. Automatic update for cockpit-360-1.fc43. Changelog for cockpit Wed Apr 08 2026 Packit - 360-1 - ws: be more explicit when handling hostnames on cli...

CVE-2026-4631

creationtimestamp| type| source ---|---|--- 2026-04-07 19:34:21+00:00| seen| Telegram/OYPeMWdUc2Y5vftMssiNoDYA806NyVd6-qxnWxvkgzfQI 2026-04-07 19:34:38+00:00| seen| Telegram/H9-wLQyAW-fjKUXTN1LxHiROu7RUaGwpmVWmVHEm8VlmA 2026-04-10 15:35:02+00:00| seen|...