Arbitrary Code Execution Vulnerability in Cockpit by Cockpit HQ
CVE-2026-38992
Currently unrated
What is CVE-2026-38992?
Cockpit versions up to 2.13.5 are exposed to a serious vulnerability that enables arbitrary code execution through the filter parameter present in multiple endpoints. An attacker can exploit this flaw to execute system commands on the underlying infrastructure using the MongoLite $func operator, potentially compromising the system's integrity and security. It is essential for users to upgrade to the latest version to mitigate this risk.
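The following detection sketch is an added example, not part of the original advisory and not Cockpit's own code. It flags request URLs whose filter parameter carries the $func operator as a key. The endpoint path and values in the sample requests are constructed placeholders, and the two encodings it checks (a JSON-encoded value and PHP bracket notation) are assumptions about how a filter may arrive.

```python
import json
from urllib.parse import urlsplit, parse_qsl

BLOCKED_OPERATOR = "$func"  # operator named in the advisory

# Constructed sample requests; path and values are placeholders, not real endpoints.
SAMPLE_REQUESTS = [
    '/EXAMPLE-ENDPOINT?filter={"title":"hello"}',
    '/EXAMPLE-ENDPOINT?filter=%7B%22title%22%3A%7B%22%24func%22%3A%22PLACEHOLDER%22%7D%7D',
    '/EXAMPLE-ENDPOINT?filter%5Btitle%5D%5B%24func%5D=PLACEHOLDER',
    '/EXAMPLE-ENDPOINT?filter={"$or":[{"a":1},{"b":{"$func":"PLACEHOLDER"}}]}',
    '/EXAMPLE-ENDPOINT?sort={"$func":1}',
]

def contains_operator(node, op=BLOCKED_OPERATOR):
    """Return True if `op` appears as a key anywhere in a decoded filter."""
    if isinstance(node, dict):
        return any(k == op or contains_operator(v, op) for k, v in node.items())
    if isinstance(node, list):
        return any(contains_operator(v, op) for v in node)
    return False

def filter_uses_func(url):
    """Check one request URL for $func inside its filter parameter.

    Covers a JSON-encoded filter value and PHP bracket notation
    (filter[field][$func]=...), which PHP expands into a nested array.
    """
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        name, _, rest = key.partition("[")
        if name != "filter":
            continue
        # Bracket form: the operator is a path segment of the parameter name.
        segments = rest.rstrip("]").split("][") if rest else []
        if BLOCKED_OPERATOR in segments:
            return True
        # JSON form: decode and walk; truncated JSON falls back to a substring check.
        try:
            if contains_operator(json.loads(value)):
                return True
        except ValueError:
            if '"%s"' % BLOCKED_OPERATOR in value:
                return True
    return False

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(filter_uses_func(request), request)
```

The same key walk can serve as a reject-before-query check on the decoded filter until the upgrade is in place.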
