Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
References
Configurations
No configuration.
History
30 Jun 2026, 03:19
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Apr 2026, 21:22
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-29 16:16
Updated : 2026-06-30 03:19
NVD link : CVE-2026-38993
Mitre link : CVE-2026-38993
CVE.ORG link : CVE-2026-38993
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
