MGASA-2026-0175 Updated cockpit packages fix security vulnerabilities

CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...

RHSA-2026:21647 Red Hat Security Advisory: cockpit security update

Bulletin has no description...

RHSA-2026:21515 Red Hat Security Advisory: cockpit security update

Bulletin has no description...

Security update for cockpit (important)

openSUSE security update: security update for cockpit ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20504-1 Rating: important References: bsc1257836 bsc1258641 Cross-References: CVE-2026-25547 CVE-2026-26996 CVSS scores: CVE-2026-25547 SUSE : 7.5...

Fedora 44 : cockpit (2026-ea792bf240)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ea792bf240 advisory. Automatic update for cockpit-360.1-1.fc44. Changelog for cockpit Tue Apr 14 2026 Packit - 360.1-1 - Prevent overmounting also for btrfs subvolumes...

SUSE-SU-2026:20454-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global prototypes bsc1257324...

cockpit-354-3.1 on GA media (moderate)

cockpit-354-3.1 on GA media Announcement ID: openSUSE-SU-2026:10154-1 Rating: moderate Cross-References: CVE-2025-13465 CVSS scores: CVE-2025-13465 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2025-13465 SUSE : 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N...

MiracleLinux 9 : cockpit-323.1-1.el9.ML.1 (AXSA:2024-9119:16)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9119:16 advisory. cockpit: Authenticated user can kill any process when enabling pamenv's userreadenv option CVE-2024-6126 Tenable has extracted the preceding description bloc...

OPENSUSE-SU-2024:0206-1 Security update for cockpit

This update for cockpit fixes the following issues: - new version 320: pam-ssh-add: Fix insecure killing of session ssh-agent boo1226040, CVE-2024-6126 - changes in older versions: Storage: Btrfs snapshots Podman: Add image pull action Files: Bookmark support webserver: System user changes Metric...

OESA-2024-1552 cockpit security update

Cockpit makes GNU/Linux discoverable. See Linux server in a web browser and perform system tasks with a mouse. It’s easy to start containers, administer storage, configure networks, and inspect logs with this package. Security Fixes: An SSRF issue was discovered in cockpit-project.org Cockpit 234...

cockpit bug fix and enhancement update

An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. It...

cockpit bug fix and enhancement update

An update is available for cockpit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...