CVE-2026-13533
Last modified
CVE-2026-13533 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| agentejo | Cockpit CMS | 0.12.0; 0.12.1; 0.12.2 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13533?
How severe is CVE-2026-13533?
How do I fix CVE-2026-13533?
Related CVEs from 2026
- CVE-2026-13527A vulnerability has been found in SourceCodester Class and E…7.3
- CVE-2026-13528A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-…7.3
- CVE-2026-13529A vulnerability was determined in YzmCMS up to 7.5. This aff…5.6
- CVE-2026-13530A vulnerability was identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13531A security flaw has been discovered in itsourcecode Hospital…6.3
- CVE-2026-13532A weakness has been identified in itsourcecode Hospital Mana…6.3
- CVE-2026-13534A vulnerability was detected in CherryHQ cherry-studio up to…5
- CVE-2026-13535A flaw has been found in CodeAstro Human Resource Management…6.3
- CVE-2026-13536A vulnerability has been found in GotoHTTP up to 10.2. This …4.3
- CVE-2026-13537A vulnerability was found in CodeAstro Human Resource Manage…4.3
- CVE-2026-13538A vulnerability was determined in Wavlink WL-NU516U1-A M16U1…6.3
- CVE-2026-13539A vulnerability was identified in Wavlink WL-NU516U1-A M16U1…8.8
Are you affected by CVE-2026-13533?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
