Linuxsecurity
Critical Remote Command Execution Vulnerabilities in SUSE Cockpit
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
SUSE has released a security update addressing multiple vulnerabilities in Cockpit, impacting SUSE Linux Enterprise and openSUSE systems. Notably, CVE-2026-4802 allows remote command execution via unsanitized user-controlled parameters in system logs UI. CVE-2026-0775 poses a risk of local privilege escalation and arbitrary code execution through insecure module loading. CVE-2026-29074 can lead to denial of service due to XML processing issues. The vulnerabilities were published between January and May 2026, with a proof of concept for CVE-2026-4802 made public shortly after its disclosure. Administrators are urged to apply the patches using recommended methods like YaST or zypper. The update is rated as important, indicating a significant risk to affected systems.
Key Points: • CVE-2026-4802 enables remote command execution via crafted links in system logs UI. • CVE-2026-0775 allows local privilege escalation through insecure module loading. • Patches are available and should be applied immediately to mitigate risks.