Directory Traversal Vulnerability in Cockpit by Cockpit HQ
CVE-2026-38993
6.5MEDIUM
What is CVE-2026-38993?
An identified vulnerability in Cockpit versions 2.13.5 and earlier permits directory traversal through the Buckets component. This flaw enables authenticated attackers to manipulate files within the uploads directory, including writing files to arbitrary locations and overwriting existing assets with unauthorized versions. As a result, this could lead to severe security implications if exploited, compromising the integrity of the affected environment.
