Fedora 43 and 44 pcs Code Execution Vulnerabilities Addressed
Severity: High (Score: 60.6)
Sources: Linuxsecurity
Keywords: fixed, fedora, important, code, execution, updated, standalone
Severity indicators: arbitrary code execution
Summary
Fedora has released important updates for its pcs-web-ui application to address vulnerabilities identified as CVE-2026-4800. These vulnerabilities allow arbitrary code execution via untrusted input in template imports. The updates were published on June 10, 2026, and affect users of Fedora 43 and 44. The issues were resolved in version 0.12.2-2, which was updated on May 15, 2026. Users are advised to apply the updates using the 'dnf' update program. The vulnerabilities were linked to bugs that caused crashes and improper ordering of resources in the application. The patches are crucial for maintaining system security and preventing potential exploitation.
Key Points:
- Fedora 43 and 44 pcs applications received critical updates for CVE-2026-4800.
- Arbitrary code execution vulnerabilities were fixed in version 0.12.2-2 released on May 15, 2026.
- Users must update their systems using the 'dnf' command to mitigate risks.
Detailed Analysis
**Impact** Users of Fedora 43 and 44 running the pcs (Pacemaker/Corosync) cluster management tools are affected by arbitrary code execution vulnerabilities. This impacts IT environments relying on high-availability cluster management, potentially disrupting critical infrastructure services. No specific sectors, geographies, or data breach details are provided in the sources.
**Technical Details** The vulnerability, tracked as CVE-2026-4800, involves arbitrary code execution via untrusted input in lodash template imports within pcs. The issue causes crashes and misordering of resources in cluster configurations. The fix updates pcs-web-ui to version 0.1.24.3 and pcs to 0.12.2-2. No malware, attacker infrastructure, or IOCs are mentioned.
**Recommended Response** Apply the Fedora security updates immediately using the dnf upgrade commands with advisories FEDORA-2026-c0f7d885ee (Fedora 43) and FEDORA-2026-d420bebe72 (Fedora 44). Monitor pcs resource and stonith list commands for crashes or unexpected behavior. Harden cluster management access controls and review resource constraint configurations.
Source articles (2)
- Fedora 44 pcs Important Code Execution Fix CVE-2026 — Linuxsecurity · 2026-06-10
  Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md). Fixed a crash when running pcs resource|stonith list. Fixed order of resources in…
- Fedora 43 pcs Important Arbitrary Code Execution Fix 2026 — Linuxsecurity · 2026-06-10
  Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.3 (see CHANGELOG_WUI.md). Fixed a crash when running pcs resource|stonith list. Fixed order of resources in…
Timeline
- 2026-03-31 — CVE-2026-4800 published: CVE-2026-4800 disclosed as a vulnerability allowing arbitrary code execution via untrusted input.
- 2026-05-15 — Fedora updates pcs-web-ui to fix vulnerabilities: Version 0.12.2-2 released, addressing multiple bugs including CVE-2026-4800.
- 2026-06-10 — Important security updates announced: Fedora 43 and 44 users are urged to apply the latest updates to mitigate the vulnerabilities.
Related entities
- Zero-day Exploit (Attack Type)
- CWE-94 - Code Injection (CWE)
- Fedora (Company)
- Linux (Platform)