LeakyCreds

CVE-2026-34965 - Vulnerability Analysis

High, CVSS: 8.8

Last Updated: April 29, 2026

Cockpit CMS - Remote Code Execution

Published: April 29, 2026 | Updated: April 29, 2026 | Remotely Exploitable

Overview

Cockpit CMS contains an authenticated remote code execution vulnerability caused by injection of arbitrary PHP code into collection rules parameters in /cockpit/collections/save_collection. Authenticated attackers with collection management privileges can execute arbitrary commands on the server.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Authenticated attackers with collection management privileges can execute arbitrary code on the server, leading to full server compromise.

Mitigation

Update to the latest version of Cockpit CMS.

Details

CVE ID: CVE-2026-34965
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: rejected

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H