cockpit-hq/cockpit Security Advisories for 2.8.0 (2)
-
[HIGH] Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
PKSA-rm9w-whnt-2jgw CVE-2026-31891 GHSA-7x5c-vfhj-9628
Affected version: <2.13.5
Reported by:
GitHub -
[MEDIUM] Cockpit - Content Platform vulnerable to XSS through name or email argument names
PKSA-htm2-8b2r-zt3z CVE-2025-7053 GHSA-j4rj-fgcq-wmqp
Affected version: <2.11.4
Reported by:
GitHub