UBUNTU-CVE-2026-4631

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-4631

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-4631

Upstream

CVE-2026-4631

Published

2026-04-07T17:16:00Z

Modified

2026-05-20T16:26:10.226282688Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability.

References

Affected packages

Ubuntu:18.04:LTS

cockpit

Package

Name: cockpit
Purl: pkg:deb/ubuntu/cockpit?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

151-1

156-1

157-1

158-1

160-1

161-1

162-1

163-1

164-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cockpit",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-bridge",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-dashboard",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-docker",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-machines",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-networkmanager",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-packagekit",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-storaged",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-system",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-tests",
            "binary_version": "164-1"
        },
        {
            "binary_name": "cockpit-ws",
            "binary_version": "164-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json"

Ubuntu:20.04:LTS

cockpit

Package

Name: cockpit
Purl: pkg:deb/ubuntu/cockpit?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

202.*

202.1-1

Other

204-1

206-1

207-1

208-1

210-1

211-1

212-1

213-1

215-1

214.*

214.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cockpit",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-bridge",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-dashboard",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-machines",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-networkmanager",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-packagekit",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-pcp",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-storaged",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-system",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-tests",
            "binary_version": "215-1"
        },
        {
            "binary_name": "cockpit-ws",
            "binary_version": "215-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json"

Ubuntu:22.04:LTS

cockpit

Package

Name: cockpit
Purl: pkg:deb/ubuntu/cockpit?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

252-1

256-1

257-1

258-1

259-1

260-1

261-1

262-1

263-1

264-1

264-1ubuntu0.*

264-1ubuntu0.22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cockpit",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-bridge",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-networkmanager",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-packagekit",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-pcp",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-sosreport",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-storaged",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-system",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-tests",
            "binary_version": "264-1ubuntu0.22.04.1"
        },
        {
            "binary_name": "cockpit-ws",
            "binary_version": "264-1ubuntu0.22.04.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json"

Ubuntu:24.04:LTS

cockpit

Package

Name: cockpit
Purl: pkg:deb/ubuntu/cockpit?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

300.*

300.1-1

Other

303-1

304-1

305-1

306-1

307-1

308-1

309-1

311-1

312-1build2

314-1

310.*

310.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cockpit",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-bridge",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-networkmanager",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-packagekit",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-pcp",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-sosreport",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-storaged",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-system",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-tests",
            "binary_version": "314-1"
        },
        {
            "binary_name": "cockpit-ws",
            "binary_version": "314-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json"

Ubuntu:25.10

cockpit

Package

Name: cockpit
Purl: pkg:deb/ubuntu/cockpit?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

333-1

337-1

339-1

342-1

343-1

345-1

346-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cockpit",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-bridge",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-networkmanager",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-packagekit",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-sosreport",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-storaged",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-system",
            "binary_version": "346-1"
        },
        {
            "binary_name": "cockpit-ws",
            "binary_version": "346-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json"

Ubuntu:26.04:LTS

cockpit

Package

Name: cockpit
Purl: pkg:deb/ubuntu/cockpit?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

346-1

348-1

350-1

352-1

354-1

355-1

356-1

360-1

353.*

353.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "cockpit",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-bridge",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-networkmanager",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-packagekit",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-sosreport",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-storaged",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-system",
            "binary_version": "360-1"
        },
        {
            "binary_name": "cockpit-ws",
            "binary_version": "360-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4631.json"