Critical Remote Command Execution Vulnerabilities in SUSE Cockpit

Critical Remote Command Execution Vulnerabilities in SUSE Cockpit

First seen 23 May 2026, 08:54 UTC Linuxsecurity 77% similarity 68.2

Article Content

Browse articles
ThreatCluster

SUSE has released a security update addressing multiple vulnerabilities in Cockpit, impacting SUSE Linux Enterprise and openSUSE systems. Notably, CVE-2026-4802 allows remote command execution via unsanitized user-controlled parameters in system logs UI. CVE-2026-0775 poses a risk of local privilege escalation and arbitrary code execution through insecure module loading. CVE-2026-29074 can lead to denial of service due to XML processing issues. The vulnerabilities were published between January and May 2026, with a proof of concept for CVE-2026-4802 made public shortly after its disclosure. Administrators are urged to apply the patches using recommended methods like YaST or zypper. The update is rated as important, indicating a significant risk to affected systems.

Key Points: • CVE-2026-4802 enables remote command execution via crafted links in system logs UI. • CVE-2026-0775 allows local privilege escalation through insecure module loading. • Patches are available and should be applied immediately to mitigate risks.

ThreatCluster AI

Timeline

2026-01-23
CVE-2026-0775 published
SUSE disclosed a vulnerability allowing local privilege escalation via insecure module loading.
Linuxsecurity
2026-03-06
CVE-2026-29074 published
A denial of service vulnerability was published, affecting XML processing in Cockpit.
Linuxsecurity
2026-05-11
CVE-2026-4802 published
A critical vulnerability allowing remote command execution was disclosed, with a PoC released shortly after.
Linuxsecurity
2026-05-20
SUSE Cockpit security update released
SUSE released an important security update addressing multiple vulnerabilities in Cockpit, urging immediate patching.
Linuxsecurity
2026-05-23
openSUSE Cockpit update released
openSUSE issued a security update for Cockpit, including patches for the same vulnerabilities.
Linuxsecurity

Community

Browse all →