4 matches found
CVE-2026-5208
CVE-2026-5208 affects CoolerControl/coolercontrold prior to version 4.0.0. The issue is OS command injection in alert names, allowing authenticated, local attackers to execute arbitrary code as root. The vulnerability arises from improper handling of alert-name input, enabling injection into a sh...
CVE-2026-5301
This CVE affects CoolerControl/coolercontrol-ui prior to version 4.0.0, where a Stored XSS in the log viewer could be exploited by unauthenticated attackers via poisoned log entries. The root cause is unvalidated/sanitized user input rendered in log viewing functionality, enabling JavaScript exec...
CVE-2026-5300
CVE-2026-5300 affects CoolerControl/coolercontrold prior to version 4.0.0, where unauthenticated users can view and modify potentially sensitive data via HTTP requests. The issue impacts both confidentiality and integrity (CVSS v3.1 base scores: 9.1/CRITICAL under NVD, with NETWORK attack vector ...
CVE-2026-5302
CVE-2026-5302 describes a CORS misconfiguration in CoolerControl/coolercontrold prior to 4.0.0. The root issue is permissive cross-origin access, allowing unauthenticated remote attackers to read data and send commands through malicious websites. Affected software: CoolerControl/coolercontrold ve...