PatchSiren cyber security CVE debrief

CVE-2026-4802 Red Hat CVE debrief

CVE-2026-4802 is a high-severity remote command execution issue associated with Cockpit’s system logs UI. According to the supplied sources, crafted links containing unsanitized user-controlled parameters can let an attacker inject shell metacharacters or command substitutions, resulting in arbitrary shell command execution on the affected host. The CVSS vector shows the attack requires network access, low privileges, and user interaction, but still carries high impact to confidentiality, integrity, and availability.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: HIGH 8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-11
Original CVE updated: 2026-05-20
Advisory published: 2026-05-11
Advisory updated: 2026-05-20

Who should care

Administrators and security teams running Cockpit on Linux hosts, especially any environment where users can access or share system log views. Organizations that rely on Cockpit for remote administration should treat this as a priority because successful abuse can lead to full host compromise.

Technical summary

The supplied NVD and Red Hat references describe a command-injection weakness in Cockpit’s system logs UI. The relevant code reference points to pkg/systemd/logsJournal.jsx, where user-controlled parameters in crafted links were not properly sanitized. NVD lists CWE-78 and a CVSS 3.1 vector of AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating remote exploitation with low privileges and a user interaction requirement. The available corpus does not provide affected version ranges or fixed-version details.

Defensive priority

High. The described impact is complete host compromise, and the vulnerability is reachable remotely with a relatively low barrier to abuse once a victim interacts with a crafted link.

Recommended defensive actions

  • Review whether Cockpit is deployed anywhere in your environment and prioritize systems that expose the system logs UI.
  • Apply vendor guidance from the Red Hat security advisory and any linked bugfixes or package updates as soon as they are available.
  • Restrict access to Cockpit to trusted administrative networks and authenticated users only.
  • Treat links or log-view content in administrative interfaces as untrusted input and monitor for unexpected shell activity on hosts running Cockpit.
  • If you maintain downstream packaging or builds, verify that the logsJournal.jsx-related sanitization issue has been addressed before redeployment.
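The last action above asks downstream maintainers to confirm that link parameters can no longer reach a shell. The example below is added for this debrief and is not Cockpit's code; the parameter names (prio, unit), the query-string layout of the link and the journalctl arguments are assumptions used only to illustrate the CWE-78 pattern the advisory describes and the check a reviewer would apply. It shows the unsafe shape (splicing link values into a command string) next to a hardened shape (allowlist validation plus an argv array for execFile, so no shell parses the values); nothing is executed.

```javascript
// Added example, not Cockpit's code. Parameter names and URL layout are
// assumptions for illustration; the point is the pattern, not the product.

// Extract the query parameters of a log-view link into a plain object.
function parseLogViewLink(link) {
  const url = new URL(link);
  const params = {};
  for (const [key, value] of url.searchParams) params[key] = value;
  return params;
}

// VULNERABLE PATTERN (CWE-78): user-controlled values are spliced into a
// shell command string. Any metacharacter in a value alters what runs.
function buildShellCommandUnsafe(params) {
  return `journalctl -o json --priority=${params.prio} _SYSTEMD_UNIT=${params.unit}`;
}

// HARDENED PATTERN: each parameter must match an allowlist pattern, unknown
// parameters are rejected, and the result is an argv array for execFile(),
// so the values are never interpreted by a shell.
const PARAM_RULES = {
  prio: /^[0-7]$/,                                                    // journal priority 0..7
  unit: /^[A-Za-z0-9@._-]{1,255}\.(service|socket|timer|mount|target)$/, // unit name
};

function buildArgvSafe(params) {
  for (const [key, value] of Object.entries(params)) {
    const rule = PARAM_RULES[key];
    if (!rule) throw new Error(`unexpected parameter: ${key}`);
    if (typeof value !== 'string' || !rule.test(value)) {
      throw new Error(`rejected value for parameter: ${key}`);
    }
  }
  const argv = ['-o', 'json'];
  if (params.prio !== undefined) argv.push(`--priority=${params.prio}`);
  if (params.unit !== undefined) argv.push(`_SYSTEMD_UNIT=${params.unit}`);
  return { file: 'journalctl', argv }; // would be passed to execFile(file, argv, ...)
}

// Run a link through both shapes and report what each would hand to the OS.
// `safe` is null and `rejected` carries the reason when validation fails.
function handleLink(link) {
  const params = parseLogViewLink(link);
  let safe = null;
  let rejected = null;
  try { safe = buildArgvSafe(params); } catch (e) { rejected = e.message; }
  return { unsafeCommand: buildShellCommandUnsafe(params), safe, rejected };
}

// Constructed sample link, not taken from any advisory.
console.log(handleLink('https://cockpit.example/system/logs?prio=3&unit=sshd.service'));
```

When reviewing a fix, the property to confirm is the second one: a value that fails the allowlist must produce a rejection before any process is spawned, and the spawn itself must take an argument array rather than a string. Escaping metacharacters into a string is a weaker substitute because every shell quoting rule has to be reproduced exactly.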

Evidence notes

This debrief is based only on the supplied CVE record metadata and the referenced Red Hat, Bugzilla, Cockpit source code, and oss-security links. The corpus identifies the issue as command execution in Cockpit’s system logs UI, maps it to CWE-78, and provides the CVSS vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vendor attribution in the supplied metadata is marked low confidence/needs review, so this summary avoids asserting precise product/vendor ownership beyond the Cockpit references.

Official resources

CVE-2026-4802 was published on 2026-05-11 and modified on 2026-05-20. The supplied NVD record is marked "Awaiting Analysis." No KEV entry was supplied in the corpus.