[ALSA-2026:7383] Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Type:
security
Severity:
critical
Release date:
2026-04-15
Description:
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix(es): * cockpit: ws: be more explicit when handling hostnames on cli (CVE-2026-4631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch cockpit-packagekit-344-3.el10_1.noarch.rpm 11293ac3d661b2cd4dacc6727b2a52e223882a1feb776216e9bfe472ad4f89cf
noarch cockpit-storaged-344-3.el10_1.noarch.rpm 3a22ce68ac3c5d13ec0963cb55316c16653fbdd0788b4cc4843d1d8b5a3defbc
noarch cockpit-system-344-3.el10_1.noarch.rpm 4026399a841ded5ce87cf197de55ed145156e2cae14ad78a9910433951741600
noarch cockpit-bridge-344-3.el10_1.noarch.rpm 9e6ee07b13d8b35e2f11c48c6e6bdb1980d72349f1fa3fb136ccd540e3992b26
noarch cockpit-doc-344-3.el10_1.noarch.rpm 9f322694f3345572a0e40446eaffca2720adfea8f1ef2b20bd629155d9cbe990
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.