PatchSiren

Cockpit CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Cockpit CVE published 2026-07-02

CVE-2026-58467

CVE-2026-58467 is a high-severity vulnerability in Cockpit CMS that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. This vulnerability exists in Cockpit CMS through version 2.14.0, where an unauthenticated attacker can inject dot-dot sequences into the URL t [truncated]