Cockpit · Cockpit · CVE-2026-4802
**Name of the Vulnerable Software and Affected Versions**
Cockpit (affected versions not specified)
**Description**
A flaw in the system logs user interface (UI) allows a remote attacker to achieve arbitrary command execution on the host. The issue stems from unsanitized user-controlled parameters within crafted links, which enable the injection of shell metacharacters and command substitutions. This can lead to the execution of arbitrary shell commands and potential complete system compromise. Exploitation requires the user to be logged in to Cockpit.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.