Directory Traversal Vulnerability in Cockpit by Cockpit HQ
CVE-2026-38993

6.5MEDIUM

Key Information:

Vendor

Cockpit HQ

Status
Vendor
CVE Published:
29 April 2026

What is CVE-2026-38993?

An identified vulnerability in Cockpit versions 2.13.5 and earlier permits directory traversal through the Buckets component. This flaw enables authenticated attackers to manipulate files within the uploads directory, including writing files to arbitrary locations and overwriting existing assets with unauthorized versions. As a result, this could lead to severe security implications if exploited, compromising the integrity of the affected environment.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.