{
  "schema_version": "1.7.0",
  "id": "MGASA-2026-0175",
  "published": "2026-06-05T17:37:45Z",
  "modified": "2026-06-05T16:50:35Z",
  "summary": "Updated cockpit packages fix security vulnerabilities",
  "details": "CVE-2026-4631: Cockpit's remote login feature passes user-supplied\nhostnames and usernames from the web interface to the SSH client without\nvalidation or sanitization. An attacker with network access to the\nCockpit web service can craft a single HTTP request to the login\nendpoint that injects malicious SSH options or shell commands, achieving\ncode execution on the Cockpit host without valid credentials. The\ninjection occurs during the authentication flow before any credential\nverification takes place, meaning no login is required to exploit the\nvulnerability.\nCVE-2026-4800: lodash is vulnerable to code injection through the key\nnames of `_.template` imports.\nCVE-2026-4802: A flaw was found in Cockpit. This vulnerability allows a\nremote attacker to achieve arbitrary command execution on the host by\nexploiting unsanitized user-controlled parameters within crafted links\nin the system logs user interface (UI). An attacker can inject shell\nmetacharacters and command substitutions into these parameters, leading\nto the execution of arbitrary shell commands on the affected system.\nThis could result in a complete system compromise.\n",
  "upstream": [
    "CVE-2026-4802",
    "CVE-2026-4631",
    "CVE-2026-4800"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2026-0175.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=35563"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/20/19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/339"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/341"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/341.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/342"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/343"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/344"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/345"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/346"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/347"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/348"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/349"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/350"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/351"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/352"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/353"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/353.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/354"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/355"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/356"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/356.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-project/cockpit/releases/tag/356.2"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-rq49-h582-83m7"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-3wjm-5g86-c6p3"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "cockpit",
        "purl": "pkg:rpm/mageia/cockpit?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "356.2-1.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
