CVE-2026-57856

Cockpit HQ · Cockpit CMS

Cockpit CMS is susceptible to a path traversal vulnerability in the Bucket file storage API that allows an authenticated user to access files outside of the intended directory.

Executive summary

A path traversal vulnerability in the Cockpit CMS Bucket API permits authenticated attackers to access or manipulate unauthorized files on the server.

Vulnerability

The application fails to properly sanitize input for the bucket name within the /system/buckets/api endpoint, leading to a path traversal (CWE-22) condition. This enables an authenticated attacker to traverse the file system and access files that should be restricted.

Business impact

This flaw can be leveraged to read or potentially overwrite arbitrary files on the underlying host, leading to full system compromise or sensitive information disclosure. Given the CVSS score of 8.8, this represents a major threat to organizational data security and server stability.

Remediation

Immediate Action: Upgrade to Cockpit CMS version 2.14.0 or later, which incorporates fixes for path traversal vulnerabilities within the bucket API.

Proactive Monitoring: Monitor server access logs for path traversal patterns (e.g., ../) within API requests to the bucket storage system.

Compensating Controls: Ensure the web server process runs with the least privilege necessary, restricting its ability to access sensitive system files even if a traversal occurs.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Immediate patching to version 2.14.0 is required to prevent potential remote file system manipulation. Organizations should also audit current user permissions to ensure that authenticated users do not possess unnecessary access to the CMS API.