CVE-2026-57855
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without performing any ACL or role check. Any authenticated user, regardless of role, can perform all bucket operations on any named bucket, including buckets intended for admin use only.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cockpit HQ | Cockpit CMS | 0 < 2.14.0 | affected |
Weaknesses
- CWE-284: Improper Access Control
References
- https://github.com/cockpit-hq/cockpit
- https://github.com/Cockpit-HQ/Cockpit/commit/dde2d1d74f5f4e11de42a298918ea8c9684f932c
- https://gist.github.com/sermikr0/821c4edd3c34e98a62a50b07707785bd
- https://www.vulncheck.com/advisories/cockpit-cms-missing-authorization-in-bucket-file-storage-api
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.