Home

Description

Cockpit CMS contains a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without performing any ACL or role check. Any authenticated user, regardless of role, can perform all bucket operations on any named bucket, including buckets intended for admin use only.

PUBLISHED Reserved 2026-06-25 | Published 2026-07-13 | Updated 2026-07-13 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Access Control

Product status

Default status
affected

Any version before 2.14.0
affected

Credits

Saidakbarxon Maxsudxonov finder

References

github.com/cockpit-hq/cockpit (Product) product

github.com/...ommit/dde2d1d74f5f4e11de42a298918ea8c9684f932c (Patch Commit) patch

gist.github.com/sermikr0/821c4edd3c34e98a62a50b07707785bd technical-description

www.vulncheck.com/...uthorization-in-bucket-file-storage-api third-party-advisory

cve.org (CVE-2026-57855)

nvd.nist.gov (CVE-2026-57855)

Download JSON