PT-2026-55289 · Unknown · Cockpit Cms

George Chen · Published 2026-07-02 · Updated 2026-07-03

CVE-2026-58467
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cockpit CMS versions prior to 364
Description: Unauthenticated attackers can read arbitrary files or execute PHP files because of a path traversal and local file inclusion issue. The application does not perform containment checks when constructing filesystem paths from unvalidated PATH_INFO derived from the REQUEST_URI. By injecting dot-dot sequences into the URL, an attacker can traverse outside the designated spaces directory. If the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments that use the PHP built-in server or specific non-default Nginx configurations.
Recommendations: Update Cockpit CMS to version 364 or later.
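The missing control the description names is a containment check between the URL-derived path and the directory it is supposed to stay in. The following PHP is an added example, not Cockpit CMS code and not the project's fix; the "spaces" base directory, the request strings and the temporary files are all constructed for the demonstration. It resolves the request with realpath(), so "." and ".." segments and symlinks are collapsed before the comparison, and only returns a path that is a regular file under the base.

```php
<?php
// Added example, not Cockpit CMS code: a containment check for a file path
// derived from PATH_INFO, to be applied before the application reads or
// include()s the file. All directory and file names below are hypothetical.

declare(strict_types=1);

// The pattern the advisory describes, shown for contrast only (hypothetical):
//   $target = $spacesDir . $_SERVER['PATH_INFO'];
//   if (substr($target, -4) === '.php') { include $target; }
// Dot-dot sequences in PATH_INFO move $target outside $spacesDir.

/**
 * Resolve $requested relative to $baseDir and return the canonical absolute
 * path only when it is a regular file inside $baseDir. Returns null for
 * traversal, NUL bytes, backslashes, directories and non-existent files.
 */
function resolveContained(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Reject NUL bytes (truncation tricks) and backslashes before touching
    // the filesystem; the web server has already URL-decoded the request.
    if (strpos($requested, "\0") !== false || strpos($requested, '\\') !== false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks, so the check
    // below sees the real location rather than the textual path.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/'));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Containment: the canonical path must begin with "<base>/". Keeping the
    // trailing separator also rejects sibling directories such as "/srv/spaces2".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demonstration on a constructed temporary layout (hypothetical names).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'spaces-demo-' . getmypid();
mkdir($root . '/spaces/site', 0700, true);
file_put_contents($root . '/spaces/site/index.php', "<?php\n");
file_put_contents($root . '/outside.php', "<?php\n");

$requests = [
    'site/index.php',           // legitimate file inside the base
    '../outside.php',           // traversal to a sibling of the base
    'site/../../outside.php',   // traversal hidden behind a valid prefix
    '/../../../../outside.php', // absolute-looking, deep traversal
    'site',                     // a directory, not a file
];
foreach ($requests as $req) {
    $resolved = resolveContained($root . '/spaces', $req);
    printf("%-26s => %s\n", $req, $resolved === null ? 'rejected' : 'allowed: ' . $resolved);
}

// Clean up the constructed layout.
unlink($root . '/spaces/site/index.php');
unlink($root . '/outside.php');
rmdir($root . '/spaces/site');
rmdir($root . '/spaces');
rmdir($root);
```

Run with `php containment.php`: only `site/index.php` is allowed; every request carrying a dot-dot sequence resolves outside the base and is rejected, as is the bare directory name. Because realpath() follows symlinks, a symlink placed inside the base but pointing outside it is rejected too. The check belongs before any include() or file read; where the set of includable files is small and known, an explicit allowlist of file names is a stronger control than prefix matching. This example addresses the application-side defect only; the web-server-side behaviour of PATH_INFO that the advisory mentions for the built-in server and certain Nginx configurations is a separate configuration matter.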

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-58467

Affected Products

Cockpit Cms