PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57855 Cockpit HQ CVE debrief

The CVE record indicates that Cockpit CMS has a missing authorization vulnerability in its Bucket file storage API. The api() method in modules/System/Controller/Buckets.php executes bucket commands without performing any ACL or role check, allowing any authenticated user to perform all bucket operations. This vulnerability can have significant operational impacts, as it allows unauthorized access to sensitive data and potentially enables lateral movement within an affected system. Administrators and users of Cockpit CMS should be aware of this vulnerability and take necessary actions to mitigate it, including reviewing affected product deployments, applying vendor patches or updates, and implementing compensating controls.

Vendor
Cockpit HQ
Product
Cockpit CMS
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Administrators and users of Cockpit CMS, as well as security teams and vulnerability management teams, should be aware of this vulnerability and take necessary actions to mitigate it. This includes reviewing affected product deployments, applying vendor patches or updates, and implementing compensating controls. Additionally, operators and platform administrators may need to review and update their security configurations to prevent exploitation of this vulnerability.

Technical summary

The vulnerability exists in the Bucket file storage API (/system/buckets/api) of Cockpit CMS. The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without performing any ACL or role check. This allows any authenticated user, regardless of role, to perform all bucket operations on any named bucket, including buckets intended for admin use only. The vulnerability can be mitigated by applying vendor patches or updates, implementing compensating controls, and restricting access to the Bucket file storage API.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify the presence of affected software versions
  • Apply vendor patches or updates if available
  • Implement compensating controls such as monitoring and exception tracking
  • Restrict access to the Bucket file storage API
  • Review and update security configurations to prevent exploitation
  • Perform additional testing to validate the vulnerability and verify the effectiveness of mitigations
  • Track exceptions and retest remediated assets to ensure that the vulnerability is fully resolved

Evidence notes

The CVE record and source references provide evidence of the vulnerability in Cockpit CMS's Bucket file storage API. However, further verification is needed to confirm the affected software versions and the presence of patches or updates. This may involve reviewing the vendor's documentation, checking for security advisories, and performing additional testing to validate the vulnerability. Additionally, defenders should verify the presence of affected product deployments in their environments and review compensating controls for exposed systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T23:16:46.743Z and has not been modified since then.