CVE-2026-4631

Name: CVE-2026-4631
Creator: NVD / NIST
Published: 2026-04-07T17:16:38.01+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 13.89%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

13.89%

96.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

References

Timeline

Published: Apr 7, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-4631?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST