Remote Code Execution Vulnerability in Cockpit Web Service by Red Hat
CVE-2026-4631

9.8CRITICAL

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-4631?

The Cockpit web service's remote login feature is susceptible to a serious vulnerability where it improperly processes user-supplied hostnames and usernames. This lack of validation allows an attacker with network access to manipulate HTTP requests to the login endpoint. As a result, malicious SSH options or shell commands can be injected, permitting code execution on the Cockpit host without any need for valid credentials. The vulnerability arises within the authentication flow, preceding any checks on credentials, thereby enabling access and execution of unauthorized commands.

References

https://access.redhat.com/security/cve/CVE-2026-4631

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2450246

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Red Hat would like to thank Florian Kohnhäuser for reporting this issue.

CVE-2026-4631 Data

JSON