CVE-2026-38993

Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
Configurations

No configuration.

History

30 Jun 2026, 03:19

Type Values Removed Values Added
References
  • () https://access.redhat.com/security/cve/CVE-2026-38993 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2463843 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-38993.json -

29 Apr 2026, 21:22

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-29 16:16

Updated : 2026-06-30 03:19


NVD link : CVE-2026-38993

Mitre link : CVE-2026-38993

CVE.ORG link : CVE-2026-38993


JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')