PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57856 Cockpit HQ CVE debrief

CVE-2026-57856 is a path traversal vulnerability in Cockpit CMS. The Bucket file storage API (/system/buckets/api) in Cockpit CMS is vulnerable to path traversal attacks. The vulnerability allows an authenticated low-privileged user to list, upload, and delete files across all buckets, including those belonging to other users or roles. This vulnerability has a high severity and requires immediate attention from administrators and users of Cockpit CMS.

Vendor
Cockpit HQ
Product
Cockpit CMS
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Administrators and users of Cockpit CMS should be aware of this vulnerability and take immediate action to mitigate the risk. This vulnerability can be exploited by an authenticated low-privileged user, which makes it a high-severity issue. The vulnerability affects Cockpit CMS and requires attention from operators, platform administrators, vulnerability management teams, and security teams.

Technical summary

The Bucket file storage API (/system/buckets/api) in Cockpit CMS contains a path traversal vulnerability. The api() method in modules/System/Controller/Buckets.php uses a regular expression to sanitize the bucket name, but it allows '..' and '../' sequences. This can be used by an authenticated low-privileged user to access files outside the intended directory. The vulnerability has a CVSS score of 8.7 and is classified as HIGH. The vulnerability affects Cockpit CMS and can be exploited by an authenticated low-privileged user.

Defensive priority

High

Recommended defensive actions

  • Update Cockpit CMS to the latest version
  • Restrict access to the Bucket file storage API
  • Monitor for suspicious activity
  • Implement additional security measures such as Web Application Firewalls (WAFs)
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-13T23:16:46.883Z and has not been modified since then. The NVD entry is currently 8.7 HIGH. This information is based on the NVD entry and the CVE record. The vulnerability affects Cockpit CMS, specifically the Bucket file storage API (/system/buckets/api). The vulnerability allows an authenticated low-privileged user to list, upload, and delete files across all buckets, including those belonging to other users or roles. Evidence limits suggest that further verification is needed to confirm affected scope and severity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T23:16:46.883Z and has not been modified since then.