CVE-2026-13533: agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access

CVSS 5.3 · Medium EPSS 0.29% · P20

Affected Version Matrix 3

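| Vendor | Product | Version Range | Status |
|---|---|---|---|
| agentejo | Cockpit CMS | 0.12.0 | affected |
| agentejo | Cockpit CMS | 0.12.1 | affected |
| agentejo | Cockpit CMS | 0.12.2 | affected |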

I. Basic Information for CVE-2026-13533

Vulnerability Information

Vulnerability Title
agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Files or directories accessible to external parties
Source: NVD (National Vulnerability Database)
Vulnerability Title
Agentejo Cockpit CMS authorization issue vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
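Agentejo Cockpit CMS is a content management system developed by the German organization Agentejo. Agentejo Cockpit CMS 0.12.2 and earlier contain a security vulnerability that stems from an issue in the Spyc::YAMLLoad function in the file /config/config.yaml of the htaccess Handler component, which allows files or directories to be accessed remotely.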
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| agentejo | Cockpit CMS | 0.12.0 | cpe:2.3:a:agentejo:cockpit_cms:*:*:*:*:*:*:*:* |

II. Public POCs for CVE-2026-13533

No public POC found.

III. Intelligence Information for CVE-2026-13533

Exploits & Public PoCs for CVE-2026-13533 (1)

IV. Related Vulnerabilities
