PT-2026-35935 · Cockpit · Cockpit
Felsec · Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-38993
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Cockpit versions prior to 2.13.6
Description
A directory traversal issue exists in the Buckets component. This allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite existing assets with malicious versions. Directory traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder.
Recommendations
Update to a version later than 2.13.5.
Restrict access to the Buckets component to minimize the risk of exploitation.
Exploit · Fix · Path traversal
Affected Products
Cockpit