Security update for cockpit
This update for cockpit fixes the following issues - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI (bsc#1265040). - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257838). - CVE-2026-27606: rollup: Arbitrary File Write via Path Traversal in Rollup 4 (bsc#1258900). - CVE-2026-27904: minimatch: nested *() extglobs can lead to regular expressions with exponential backtracking complexity and a ReDoS (bsc#1259015).
AI Analysis
Technical Summary
The SUSE Product Security Team released an update for cockpit that fixes four vulnerabilities: CVE-2026-4802 allows remote command execution through crafted links in system logs due to unsanitized user input; CVE-2026-25547 involves unbounded brace expansion in Node.js leading to excessive CPU and memory usage and potential crashes; CVE-2026-27606 is an arbitrary file write vulnerability via path traversal in Rollup 4; CVE-2026-27904 is a Regular Expression Denial of Service (ReDoS) in minimatch caused by nested extglobs with exponential backtracking complexity. These vulnerabilities affect the security and stability of the affected components and have been addressed in this update.
Potential Impact
Successful exploitation of these vulnerabilities could lead to remote command execution, denial of service through resource exhaustion or crashes, and arbitrary file writes which may compromise system integrity or availability. The remote command execution vulnerability (CVE-2026-4802) is particularly critical as it allows attackers to execute commands remotely via crafted system log links. The other vulnerabilities can cause service disruption or unauthorized file modifications.
Mitigation Recommendations
A security update has been released by the SUSE Product Security Team addressing these vulnerabilities. Applying this official update is the recommended remediation. No additional mitigation steps are indicated beyond installing the provided fix.
Security update for cockpit
Description
This update for cockpit fixes the following issues - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI (bsc#1265040). - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257838). - CVE-2026-27606: rollup: Arbitrary File Write via Path Traversal in Rollup 4 (bsc#1258900). - CVE-2026-27904: minimatch: nested *() extglobs can lead to regular expressions with exponential backtracking complexity and a ReDoS (bsc#1259015).
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The SUSE Product Security Team released an update for cockpit that fixes four vulnerabilities: CVE-2026-4802 allows remote command execution through crafted links in system logs due to unsanitized user input; CVE-2026-25547 involves unbounded brace expansion in Node.js leading to excessive CPU and memory usage and potential crashes; CVE-2026-27606 is an arbitrary file write vulnerability via path traversal in Rollup 4; CVE-2026-27904 is a Regular Expression Denial of Service (ReDoS) in minimatch caused by nested extglobs with exponential backtracking complexity. These vulnerabilities affect the security and stability of the affected components and have been addressed in this update.
Potential Impact
Successful exploitation of these vulnerabilities could lead to remote command execution, denial of service through resource exhaustion or crashes, and arbitrary file writes which may compromise system integrity or availability. The remote command execution vulnerability (CVE-2026-4802) is particularly critical as it allows attackers to execute commands remotely via crafted system log links. The other vulnerabilities can cause service disruption or unauthorized file modifications.
Mitigation Recommendations
A security update has been released by the SUSE Product Security Team addressing these vulnerabilities. Applying this official update is the recommended remediation. No additional mitigation steps are indicated beyond installing the provided fix.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- SUSE Product Security Team
- Advisory Id
- SUSE-SU-2026:2363-1
- Cve Count
- 4
- Additional Cves
- ["CVE-2026-27606","CVE-2026-27904","CVE-2026-4802"]
- Cvss Version
- null
Threat ID: 6a2bea1be617e2d834589bd7
Added to database: 6/12/2026, 11:14:35 AM
Last enriched: 6/12/2026, 11:16:49 AM
Last updated: 6/12/2026, 12:20:08 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.