PatchSiren cyber security CVE debrief
CVE-2026-58467 Cockpit CVE debrief
CVE-2026-58467 is a high-severity vulnerability in Cockpit CMS that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. This vulnerability exists in Cockpit CMS through version 2.14.0, where an unauthenticated attacker can inject dot-dot sequences into the URL to traverse outside the designated spaces directory.
- Vendor
- Cockpit
- Product
- CMS
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-08
Who should care
Users of Cockpit CMS version 2.14.0 or earlier should be aware of this vulnerability and take steps to mitigate it. Affected operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and implement necessary controls.
Technical summary
The vulnerability exists in Cockpit CMS through version 2.14.0, where an unauthenticated attacker can inject dot-dot sequences into the URL to traverse outside the designated spaces directory. When the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations. Affected product context indicates that deployments using the PHP built-in server or certain non-default Nginx configurations are impacted.
Defensive priority
High
Recommended defensive actions
- Apply the vendor patch or upgrade to a version of Cockpit CMS that is not vulnerable
- Implement input validation and sanitization to prevent path traversal and local file inclusion attacks
- Use a web application firewall to detect and prevent attacks
- Monitor for suspicious activity and implement incident response plans
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-02T20:17:06.733Z and was last modified on 2026-07-08T14:17:19.517Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD information. Defenders should verify affected scope and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T20:17:06.733Z and has not been modified since then. The NVD entry is currently Deferred.