cockpit-doc (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package cockpit-doc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-4631 — CVSS 9.8 (critical): Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or…
CVE-2026-4802 — CVSS 8.0 (high): A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting…
CVE-2024-2947 — CVSS 7.3 (high): A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection…
CVE-2024-6126 — CVSS 3.2 (low): A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's…