CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-4631 — Cockpit's remote login feature passes user-supplied hostnames and usernames from...

Tuesday, April 7, 2026 at 05:16 PM UTC·Source: NIST NVD

Updated: Tuesday, April 7, 2026 at 05:17 PM UTC

Executive Summary

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The inje

Analysis

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability. CVSS Score: 9.8. Published: 2026-04-07T17:16:38.010.

Indicators of Compromise (1)

CVE (1)
CVE-2026-4631
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Apr 7, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerability

Anthropic Unveils ‘Claude Mythos’ — A Cybersecurity Breakthrough That Could Also Supercharge Attacks

New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands. The post Anthropic Unveils ‘Claude Mythos’ — A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek .

SecurityWeek
CRITICALVulnerability

Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks

New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands. The post Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek .

SecurityWeek
MEDIUMVulnerability

A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)

Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to "fit in" with other files. Webshells themselves are also often used by parasitic

SANS ISC