✅ Check your installed version
All known vulnerabilities
CRITICAL9.9CVE-2023-4195Cockpit PHP Remote File Inclusion vulnerability from 0, < 2.6.3
CRITICAL9.8CVE-2026-38992Cockpit is vulnerable to arbitrary code execution from 0, < 2.14.0
CRITICAL9.8CVE-2024-4825Cockpit CMS contains an arbitrary file upload vulenrability from 0, < 2.7.0
HIGH8.8CVE-2026-38991Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type from 0, < 2.14.0
HIGH8.8CVE-2023-37650Cockpit CMS Cross-Site Request Forgery vulnerability from 0, < 2.6.0
HIGH8.8CVE-2023-1313cockpit-hq/cockpit is vulnerable to unrestricted file uploads from 0, < 2.4.1
from 0, < 2.3.8
HIGH8.8CVE-2022-2818Cockpit Content Platform vulnerable to 2FA bypass from 0, < 2.2.2
from 0, <= 2.6.3
from 0, <= 2.6.3
from 0, <= 2.6.2
from 0, < 2.6.3
from 0, <= 2.6.3
HIGH7.7CVE-2026-31891Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() from 0, < 2.13.5
from 0, < 2.4.1
HIGH7.5CVE-2023-37649Cockpit CMS vulnerable to incorrect access control from 0, < 2.6.0
from 0, < 2.6.3
from 0, < 2.14.0
MEDIUM6.3CVE-2026-6626Cockpit has NoSQL Injection Through Content Aggregation Pipelines from 0, < 2.14.0
MEDIUM6.1CVE-2023-41564Cockpit CMS arbitrary file upload vulnerability from 0, <= 2.6.3
from 0, <= 2.6.3
MEDIUM5.5CVE-2024-2001Cockpit CMS Cross-Site Scripting vulnerability MEDIUM5.5CVE-2023-1160Cockpit Uses Platform-Dependent Third Party Components from 0, <= 2.3.9
MEDIUM5.4CVE-2026-23695Cockpit CMS: Stored cross-site scripting vulnerability in the Set field type's Display template option from 0, <= 2.14.0
MEDIUM5.4CVE-2023-0780Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit from 0, < 2.3.9
LOW3.5CVE-2025-7053Cockpit - Content Platform vulnerable to XSS through name or email argument names from 0, < 2.11.4