CVE-2026-34965

Name of the Vulnerable Software and Affected Versions Cockpit CMS (affected versions not specified)

Description An authenticated remote code execution issue exists in the "/cockpit/collections/save collection" endpoint. Authenticated attackers with collection management privileges can inject arbitrary PHP code into collection rules parameters. This malicious code is written directly to server-side PHP files and executed via the include() function, allowing for arbitrary command execution on the underlying server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.