27 matches found
CVE-2026-5300
CVE-2026-5300 affects CoolerControl/coolercontrold prior to version 4.0.0, where unauthenticated users can view and modify potentially sensitive data via HTTP requests. The issue impacts both confidentiality and integrity (CVSS v3.1 base scores: 9.1/CRITICAL under NVD, with NETWORK attack vector ...
CVE-2026-5208 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold
Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...
CVE-2026-5208 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold
Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...
CVE-2026-5208
CVE-2026-5208 affects CoolerControl/coolercontrold prior to version 4.0.0. The issue is OS command injection in alert names, allowing authenticated, local attackers to execute arbitrary code as root. The vulnerability arises from improper handling of alert-name input, enabling injection into a sh...
CVE-2026-5208 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold
Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...
PT-2026-31297
Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description A command injection issue exists in alerts within CoolerControl/coolercontrold. Authenticated attackers can execute arbitrary code as root by injecting bash commands into alert...
PT-2026-31300
Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description Unauthenticated functionality in CoolerControl/coolercontrold allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests. Recommendations...