HIGH
Cockpit
CVE published 2026-07-02
CVE-2026-58467
CVE-2026-58467 is a high-severity vulnerability in Cockpit CMS that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. This vulnerability exists in Cockpit CMS through version 2.14.0, where an unauthenticated attacker can inject dot-dot sequences into the URL t [truncated]