Vulnerability Report

CVE-2026-4631

RCE

Title: Cockpit SSH Client Injection RCE

RCE

Proof Of Concept

PoC Available for CVE-2026-4631

CWE Category CWE-78

Published Date Apr 07, 2026

Modified Date Apr 10, 2026

Exploit Status Available

Score 9.8 CVSS v3.1

Exploit Probability (EPSS)

13.89%

Vulnerability Summary

CVE-2026-4631: Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.

Impacted Vendors

Analysis in Progress...

Reference Links

https://access.redhat.com/security/cve/CVE-2026-4631 https://bugzilla.redhat.com/show_bug.cgi?id=2450246

CVSS v3.1

Source Entity [email protected]

Severity CRITICAL

9.8

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-4631 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/cyberheartmi9/CVE-2026-4631-cockpit-RCE

View Code

Exploit-DB https://www.exploit-db.com/exploits/52572

View Code

April 10, 2026 MODIFIED