Threat Advisory

Critical RCE Flaw in Cockpit Allows Unauthenticated Server Takeover

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

CVE-2026-4631 (CVSS 9.8) is a critical Remote Code Execution (RCE) flaw in Cockpit, a lightweight and widely used interactive server administration interface for Linux. It affects Cockpit versions prior to 360. The vulnerability lies in Cockpit's remote login feature, which passes user-supplied hostnames and usernames to the underlying SSH client without validation or sanitization. By crafting a single HTTP request to the login endpoint, an attacker with network access to the web service can inject SSH options or shell commands, resulting in code execution on the Cockpit host. This bypasses the login screen entirely and gives the attacker control of the host system, a potential takeover of the server. The business impact is severe: Cockpit is an administrative interface for the whole server, so unauthorized code execution through it amounts to control of the server itself. No valid credentials or prior access are required; anyone who can reach the web service can exploit the flaw.
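The bug class described above is unchecked login fields flowing into an ssh command line. The following added example is hypothetical code written for this advisory; it is not Cockpit's source, it does not run ssh, and the user/host inputs in it are constructed. It shows the unsafe construction beside a hardened builder that validates both fields against a strict grammar and ends option parsing with `--` before the host operand.

```python
"""Illustrative model of option injection through remote-login fields.

Hypothetical code for this advisory: it is NOT Cockpit's implementation and
never executes ssh. It only builds argv lists so they can be inspected.
"""
import re
import shlex

# Hostname grammar: RFC 1123 labels joined by dots, optional :port.
# (Bracketed IPv6 literals are deliberately not accepted by this model.)
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?::[1-9][0-9]{0,4})?$"
)
# POSIX portable user-name characters. Neither pattern admits a leading '-',
# whitespace or shell metacharacters, so a value that matches cannot be read
# by ssh as an option or by a shell as a command.
USER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]{0,31}$")


class InvalidLoginTarget(ValueError):
    """Raised when a login field is not a plain user name or host name."""


def validate_target(user: str, host: str) -> tuple[str, str]:
    """Accept only values that match the strict grammars above."""
    if not USER_RE.fullmatch(user):
        raise InvalidLoginTarget(f"bad user name: {user!r}")
    if not HOST_RE.fullmatch(host):
        raise InvalidLoginTarget(f"bad host name: {host!r}")
    return user, host


def is_valid_target(user: str, host: str) -> bool:
    """Boolean wrapper around validate_target for callers that do not raise."""
    try:
        validate_target(user, host)
    except InvalidLoginTarget:
        return False
    return True


def vulnerable_command(user: str, host: str) -> list[str]:
    """The unsafe pattern: interpolate request fields into a shell command.

    Returns the argv a POSIX shell would hand to ssh for that string, so the
    effect can be inspected without running anything.
    """
    cmd = f"ssh -l {user} {host} true"
    return shlex.split(cmd)


def tainted_option_position(argv: list[str], tainted: str) -> bool:
    """True when an attacker-controlled value is a standalone '-' token that
    ssh's option parser would see, i.e. it appears before any '--'."""
    end = argv.index("--") if "--" in argv else len(argv)
    return any(tok == tainted and tok.startswith("-") for tok in argv[1:end])


def hardened_argv(user: str, host: str) -> list[str]:
    """Validate, then build argv directly (no shell) with '--' before the host.

    '--' ends option parsing, so even a host name that slipped past the
    validator could only ever be an operand, never an ssh option.
    """
    user, host = validate_target(user, host)
    hostname, _, port = host.partition(":")
    argv = ["ssh", "-l", user]
    if port:
        argv += ["-p", port]
    argv += ["--", hostname]
    return argv


if __name__ == "__main__":
    # Constructed hostile input: the host field carries an ssh option.
    user, host = "admin", "-oProxyCommand=id"
    argv = vulnerable_command(user, host)
    print(argv, "option-injectable:", tainted_option_position(argv, host))
    print("hardened accepts hostile host:", is_valid_target(user, host))
    print(hardened_argv("admin", "db01.example.internal:2222"))
```

The validator is the primary control; the `--` and the shell-free argv are defence in depth. Whatever the exact fix in Cockpit 360 looks like, any code that hands request-controlled values to a command line should apply both layers.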


RECOMMENDATION:

Update Cockpit to version 360 or later. Until the update is applied, restrict network access to the Cockpit web service (TCP port 9090 by default) to trusted administrative networks, since exploitation requires only the ability to reach the login endpoint.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cockpit-rce-vulnerability-linux-security-cve-2026-4631/
