PatchSiren cyber security CVE debrief
CVE-2026-57855 Cockpit HQ CVE debrief
The CVE record indicates that Cockpit CMS has a missing authorization vulnerability in its Bucket file storage API. The api() method in modules/System/Controller/Buckets.php executes bucket commands without performing any ACL or role check, allowing any authenticated user to perform all bucket operations. This vulnerability can have significant operational impacts, as it allows unauthorized access to sensitive data and potentially enables lateral movement within an affected system. Administrators and users of Cockpit CMS should be aware of this vulnerability and take necessary actions to mitigate it, including reviewing affected product deployments, applying vendor patches or updates, and implementing compensating controls.
- Vendor
- Cockpit HQ
- Product
- Cockpit CMS
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Administrators and users of Cockpit CMS, as well as security teams and vulnerability management teams, should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing affected product deployments, applying vendor patches or updates, and implementing compensating controls. Additionally, operators and platform administrators may need to review and update their security configurations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability exists in the Bucket file storage API (/system/buckets/api) of Cockpit CMS. The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without performing any ACL or role check. This allows any authenticated user, regardless of role, to perform all bucket operations on any named bucket, including buckets intended for admin use only. The vulnerability can be mitigated by applying vendor patches or updates, implementing compensating controls, and restricting access to the Bucket file storage API.
Defensive priority
High
Recommended defensive actions
- Inventory and verify the presence of affected software versions
- Apply vendor patches or updates if available
- Implement compensating controls such as monitoring and exception tracking
- Restrict access to the Bucket file storage API
- Review and update security configurations to prevent exploitation
- Perform additional testing to validate the vulnerability and verify the effectiveness of mitigations
- Track exceptions and retest remediated assets to ensure that the vulnerability is fully resolved
Evidence notes
The CVE record and source references provide evidence of the vulnerability in Cockpit CMS's Bucket file storage API. However, further verification is needed to confirm the affected software versions and the presence of patches or updates. This may involve reviewing the vendor's documentation, checking for security advisories, and performing additional testing to validate the vulnerability. Additionally, defenders should verify the presence of affected product deployments in their environments and review compensating controls for exposed systems.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T23:16:46.743Z and has not been modified since then.