CVE-2026-34965 · HIGH 8.8 · EPSS percentile 52.6%

CVE-2026-34965

Description

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint. An authenticated attacker with collection management privileges can place arbitrary PHP code in the collection rules parameters; the rule text is written directly into a server-side PHP file that the application later loads with include(), so the injected code runs with the privileges of the web server process and yields arbitrary command execution on the host.
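The following is an added illustration of the weakness class this advisory names (CWE-94: request data spliced into PHP source, persisted, then include()d). It is a hypothetical, simplified model written for this page, not Cockpit CMS's own code, and it does not reproduce the fix in the referenced commit. The function names, the `$app->on(...)` template, the `'admin'` group check and the `.rules.php` file naming are all assumptions. The hardened variant shows one reasonable gate: an authorization check before any rule code is accepted, a tokenizer pass that refuses rules which leave the PHP block or close the wrapping closure, and a defence-in-depth denylist of command-execution primitives.

```php
<?php
declare(strict_types=1);
// Hypothetical model of the CWE-94 pattern described in the advisory. NOT Cockpit code.

// Shared template: rule text is concatenated into PHP source. This is the sink.
function renderRules(string $collection, array $rules): string
{
    $src = "<?php\n";
    foreach ($rules as $event => $code) {
        $src .= "\$app->on('{$collection}.{$event}', function (array &\$doc) use (\$app) {\n"
              . $code . "\n});\n";
    }
    return $src;
}

// UNSAFE: no authorization, no validation; whatever the request carried becomes code
// once the application does `include $path;`.
function saveRulesUnsafe(string $dir, string $collection, array $rules): string
{
    $path = $dir . '/' . basename($collection) . '.rules.php';
    file_put_contents($path, renderRules($collection, $rules));
    return $path;
}

const ALLOWED_EVENTS = ['read', 'create', 'update', 'delete'];
// Defence in depth only: an admin who may write PHP can still reach these indirectly.
const DENIED_CALLS = ['system', 'exec', 'shell_exec', 'passthru', 'popen', 'proc_open', 'assert'];

function assertCanEditRules(array $user): void
{
    // Assumed role model: rules are PHP by design, so only full administrators may edit them.
    if (($user['group'] ?? '') !== 'admin') {
        throw new RuntimeException('rule code may only be changed by administrators');
    }
}

function validateRule(string $event, string $code): void
{
    if (!in_array($event, ALLOWED_EVENTS, true)) {
        throw new InvalidArgumentException("unknown rule event '{$event}'");
    }
    $depth = 0; // brace depth relative to the closure body we wrap the rule in
    foreach (token_get_all("<?php\n" . $code) as $i => $tok) {
        if (!is_array($tok)) {
            if ($tok === '{') { $depth++; }
            if ($tok === '`') { throw new InvalidArgumentException('backtick shell execution is not allowed'); }
            if ($tok === '}' && --$depth < 0) {
                throw new InvalidArgumentException('rule closes the enclosing closure');
            }
            continue;
        }
        [$id, $text] = $tok;
        if ($i === 0 && $id === T_OPEN_TAG) { continue; } // the tag we prepended ourselves
        if ($id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) { $depth++; continue; }
        if ($id === T_OPEN_TAG || $id === T_CLOSE_TAG || $id === T_INLINE_HTML) {
            throw new InvalidArgumentException('rule must stay inside the PHP block');
        }
        if ($id === T_EVAL || ($id === T_STRING && in_array(strtolower($text), DENIED_CALLS, true))) {
            throw new InvalidArgumentException("rule uses forbidden construct '{$text}'");
        }
    }
    if ($depth !== 0) {
        throw new InvalidArgumentException('unbalanced braces in rule');
    }
}

// HARDENED: authorize first, validate every rule, then write atomically so a
// half-written file is never include()d.
function saveRulesHardened(string $dir, string $collection, array $rules, array $user): string
{
    assertCanEditRules($user);
    if (!preg_match('/^[a-z][a-z0-9_]{0,63}$/i', $collection)) {
        throw new InvalidArgumentException('invalid collection name');
    }
    foreach ($rules as $event => $code) {
        validateRule((string) $event, (string) $code);
    }
    $path = $dir . '/' . $collection . '.rules.php';
    $tmp  = $path . '.tmp';
    file_put_contents($tmp, renderRules($collection, $rules), LOCK_EX);
    rename($tmp, $path);
    return $path;
}

if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir();
    // Constructed sample: a "rule" that closes the closure early and appends its own statement.
    $rules = ['read' => "return true;\n}); echo 'escaped the closure';\n\$app->on('x', function () {"];
    echo saveRulesUnsafe($dir, 'posts', $rules), " written without any check\n";
    foreach ([['group' => 'editor'], ['group' => 'admin']] as $user) {
        try {
            saveRulesHardened($dir, 'posts', $rules, $user);
        } catch (RuntimeException | InvalidArgumentException $e) {
            echo "{$user['group']}: rejected: {$e->getMessage()}\n";
        }
    }
}
```

Run with `php model.php`: the unsafe path writes the breakout rule to disk untouched, the editor is refused before the rule is even parsed, and the admin's submission is refused by the brace-depth check. The denylist is deliberately the weakest layer; the property that actually matters is that only a principal you would already trust with shell access can reach the template at all.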

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.83% probability of exploitation · percentile 52.6% · scored 2026-06-19T12:03:05Z
Published: 2026-04-29
Last modified: 2026-04-29

Underlying weaknesses (1)

CWE-94

References

  1. https://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90
  2. https://github.com/agentejo/cockpit
  3. https://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa789b9
  4. https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execution-via-collections

Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection'), cwe-94 | 0% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2026-38992
  - CVE: CVE-2026-38991
  - CVE: CVE-2025-29306
  - CVE: CVE-2026-4631
  - CVE: Craft CMS Code Injection Vulnerability
  - CVE: CVE-2026-35466
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.