CVE-2026-4802
Red Hat · Cockpit
An OS command injection vulnerability exists in Red Hat Cockpit, allowing authenticated low-privileged users to execute arbitrary commands on the host system.
Executive summary
A critical OS command injection vulnerability in Red Hat Cockpit could allow authenticated attackers to achieve full system compromise.
Vulnerability
This is an OS Command Injection (CWE-78) vulnerability. It requires an attacker to have authenticated access (low privileges) and involves the interaction of malicious input with system-level commands.
Business impact
Successful exploitation allows an attacker to execute arbitrary commands with the privileges of the Cockpit service, potentially leading to a full system takeover. Given the CVSS score of 8.0, this represents a high-risk scenario where unauthorized access can result in complete data exfiltration, service disruption, or lateral movement within the network.
Remediation
Immediate Action: Apply the relevant security errata provided by Red Hat (e.g., RHSA-2026:21390 and associated links) to update the Cockpit package to the specified fixed versions.
Proactive Monitoring: Review system and application logs for unexpected command execution patterns or suspicious process spawning originating from the Cockpit user context.
Compensating Controls: Implement strict network segmentation to limit access to the Cockpit management interface to trusted administrative subnets only.
Exploitation status
Public Exploit Available: Yes — a public proof-of-concept exists on GitHub.
Analyst recommendation
The vulnerability presents a significant risk to the integrity and availability of RHEL-based systems. Administrators should prioritize the deployment of the provided security errata across all affected RHEL 8 and 10 environments to mitigate the threat of remote command execution.