Missing Authorization Vulnerability in Cockpit CMS Bucket File Storage API
CVE-2026-57855
8.7HIGH
What is CVE-2026-57855?
Cockpit CMS features a vulnerability in its Bucket file storage API that permits any authenticated user to execute potentially hazardous commands on buckets without proper authorization checks. This flaw means that users can engage in operations such as listing, uploading, removing files, renaming, and creating folders within any bucket, even those designated for administrative purposes. Due to the lack of Access Control List (ACL) verification or role enforcement, it poses a significant risk to the integrity and confidentiality of sensitive data managed by Cockpit CMS.
Affected Version(s)
Cockpit CMS 0
