CVE-2026-57855
Cockpit HQ · Cockpit CMS
Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API that allows authenticated users to perform unauthorized actions.
Executive summary
A missing authorization flaw in Cockpit CMS allows authenticated attackers to manipulate the Bucket file storage API, posing a significant risk to data integrity.
Vulnerability
This vulnerability involves an improper access control (CWE-284) issue within the /system/buckets/api endpoint. An attacker with low-level privileges can bypass authorization checks, allowing them to perform unauthorized operations on the file storage system.
Business impact
Exploitation of this vulnerability allows an authenticated user to gain unauthorized access to file storage resources, potentially leading to data manipulation or unauthorized file deletion. With a CVSS score of 8.8, this vulnerability carries a high risk of service disruption and data compromise, threatening the confidentiality and integrity of the CMS.
Remediation
Immediate Action: Update Cockpit CMS to version 2.14.0 or later to resolve the authorization bypass.
Proactive Monitoring: Review application logs for unauthorized access attempts or suspicious API calls to the /system/buckets/api endpoint by low-privileged user accounts.
Compensating Controls: Utilize a Web Application Firewall (WAF) to restrict access to sensitive API endpoints and enforce strict role-based access control (RBAC) policies.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Administrators should update their Cockpit CMS instances to version 2.14.0 immediately to remediate this access control flaw. Failure to update leaves the system exposed to unauthorized file storage manipulation by malicious or compromised internal users.