CVE-2026-4631

critical

Red Hat

CVSS v3 Base Score

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: April 7, 2026 (36 days ago)

Last Modified: April 7, 2026

Vendor: Red Hat

Source: REDHAT

Description

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.

CWE

CWE-78

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov

CVE-2026-4631

Vulnerability Report

Description

CWE

Affected Products

References