[ALSA-2026:7383] Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Type: security
Severity: critical
Release date: 2026-04-15
Description:
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

Security Fix(es):

* cockpit: ws: be more explicit when handling hostnames on cli (CVE-2026-4631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 cockpit-ws-344-3.el10_1.aarch64.rpm 5539bd0326d3a03365e383d92cfee006024b8f6824c09b5274bfb34fe8bbdd09
aarch64 cockpit-ws-selinux-344-3.el10_1.aarch64.rpm 8553d37c9e59d10369a716d5c451e642ec7c646492dfc8056afd328d6c456fa0
aarch64 cockpit-344-3.el10_1.aarch64.rpm e96e653edf4f6a360d0423b05b13681b3832a232b601d5b786b9af27544e92b8
noarch cockpit-packagekit-344-3.el10_1.noarch.rpm 11293ac3d661b2cd4dacc6727b2a52e223882a1feb776216e9bfe472ad4f89cf
noarch cockpit-storaged-344-3.el10_1.noarch.rpm 3a22ce68ac3c5d13ec0963cb55316c16653fbdd0788b4cc4843d1d8b5a3defbc
noarch cockpit-system-344-3.el10_1.noarch.rpm 4026399a841ded5ce87cf197de55ed145156e2cae14ad78a9910433951741600
noarch cockpit-bridge-344-3.el10_1.noarch.rpm 9e6ee07b13d8b35e2f11c48c6e6bdb1980d72349f1fa3fb136ccd540e3992b26
noarch cockpit-doc-344-3.el10_1.noarch.rpm 9f322694f3345572a0e40446eaffca2720adfea8f1ef2b20bd629155d9cbe990
ppc64le cockpit-ws-344-3.el10_1.ppc64le.rpm 40d70846ef56cb25a7bc07413e8dbdc91d01be135a1683c3c59a81662fa05227
ppc64le cockpit-344-3.el10_1.ppc64le.rpm a2a41c17f1966dfa55cba97ce384979b58e0759b87ec6fcfe46a407f2c75d78b
ppc64le cockpit-ws-selinux-344-3.el10_1.ppc64le.rpm f624488ca30ff63451b7578971b1b42da02b8ce1acca3a74772d5af0d71bb88e
s390x cockpit-ws-selinux-344-3.el10_1.s390x.rpm 854bc78fa6250d01093060aad5bbd1a71a5fc190bdafd029131fedc7a8b6f61c
s390x cockpit-344-3.el10_1.s390x.rpm 869bcfebf3b436d94709b655e9db77bb5edd2f10f7d012584525b8847828a8f3
s390x cockpit-ws-344-3.el10_1.s390x.rpm e7e74abf9a818a7ad3b443a12ff5bdc9b7252b694851a293af62a4f1debeae83
x86_64 cockpit-ws-344-3.el10_1.x86_64.rpm 5d0470c654e47745fb22ea3f5f68f509827db4541b5a52e63f34653ad6b7a54e
x86_64 cockpit-ws-selinux-344-3.el10_1.x86_64.rpm 8266bdce75c779e6bd69aa4fb4b0d335befeb0333bde5a839c3e88f3081074c7
x86_64 cockpit-344-3.el10_1.x86_64.rpm 90972714f6e80601d200817548929cdb604eaa39f93ad615dd2112722c30e30e
x86_64_v2 cockpit-ws-344-3.el10_1.x86_64_v2.rpm 21b7a7e8f516693d108e870bdf1e31499acb9d976e61d74f3ecb9d0f118c313c
x86_64_v2 cockpit-344-3.el10_1.x86_64_v2.rpm 35e0a8206ce25a6c3db56118c1e036a05fec7711387f2e82ee8059efc76df2c4
x86_64_v2 cockpit-ws-selinux-344-3.el10_1.x86_64_v2.rpm 3dadab51178b2de249bd4ec65154befcfe11c56dc2d9f434d4f6da526d5ed690
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.