cockpit-310.8-1.el8_10.ML.1

エラータID: AXSA:2026-750:04

Release date: 
Wednesday, June 3, 2026 - 10:24
Subject: 
cockpit-310.8-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Cockpit enables users to administer GNU/Linux servers using a web browser. It
offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

Security Fix(es):

* cockpit: Cockpit: Arbitrary command execution via crafted links in system logs

UI (CVE-2026-4802)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2026-4802
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.

Solution: 

Update packages.

CVEs: 
CVE-2026-4802
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
Additional Info: 

N/A

Download: 

SRPMS
  1. cockpit-310.8-1.el8_10.ML.1.src.rpm
    MD5: 83a728f10f4875026b274fe95174036d
    SHA-256: 2ecc2239efaa8bfa031fe227ea4a2311df5cf76df5569769c49989c4f9a42a6e
    Size: 13.92 MB

Asianux Server 8 for x86_64
  1. cockpit-310.8-1.el8_10.ML.1.x86_64.rpm
    MD5: 9d3e26796527936bd930a935ffbd2425
    SHA-256: 9957141b8f8ac4fcfd02e788579ed0d59fa89532aea266ed641905a9eb7607a5
    Size: 90.08 kB
  2. cockpit-bridge-310.8-1.el8_10.ML.1.x86_64.rpm
    MD5: 02db2cfaa86ea59ef1fc7f88dc3b8648
    SHA-256: 104b5ca01936a0c1db56c38e0d92536f728b4ea7f5ec4333eee9242c6a772c22
    Size: 500.68 kB
  3. cockpit-doc-310.8-1.el8_10.ML.1.noarch.rpm
    MD5: d539f8c8358bd1de94c2743805699f5d
    SHA-256: 2b8582fd9ed6957610cbb755c9c6e2a200f54d7187fd85f0c6232bf331944e1b
    Size: 191.88 kB
  4. cockpit-system-310.8-1.el8_10.ML.1.noarch.rpm
    MD5: 1e492c048b8dc66c1bdc06b351cbb4e8
    SHA-256: 590a3f6737fb7b738777a8cc66a15d6b7776e7e36d835e6c25d78236089db692
    Size: 5.18 MB
  5. cockpit-ws-310.8-1.el8_10.ML.1.x86_64.rpm
    MD5: 4d9762f3702f1dc0107fb6987c160298
    SHA-256: 791b6cbd4622f24c8bb1f8384b96f9d17c8345270832bc09ef49ae288900a718
    Size: 0.96 MB