CVE-2026-34965

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVE-2026-34965

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

EUVD-2026-26280

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVE-2026-34965

CVE-2026-34965 (Cockpit CMS) : An authenticated remote code execution flaw exists in the /cockpit/collections/save_collection endpoint. Attackers with collection management privileges can inject arbitrary PHP code into collection rules parameters, which is written to server-side PHP files and lat...

Cockpit CMS 代码注入漏洞

Cockpit CMS is an open-source headless content management system developed by Cockpit. Cockpit CMS has a code injection vulnerability, which stems from remote code execution at the /cockpit/collections/savecollection endpoint, potentially leading to arbitrary command execution...