Description

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.

INFO

Published Date :

2026-04-29T19:50:01.366Z

Last Modified :

2026-05-01T16:38:49.032Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34965 vulnerability.

Vendors Products
Cockpit-hq
  • Cockpit
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34965.

URL Resource
https://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90 cve-icon cve-icon
https://github.com/agentejo/cockpit cve-icon cve-icon
https://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa789b9 cve-icon cve-icon
https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execution-via-collections cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact