Browse all 16 CVE security advisories affecting Cockpit-HQ. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Cockpit-HQ is a web-based server management interface that provides system administrators with tools for monitoring and controlling Linux servers. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting attacks, and privilege escalation issues, accounting for its 16 recorded CVEs. The platform's security posture has been compromised through authentication bypass vulnerabilities and insecure default configurations, though no major public incidents have been widely documented. Its architecture exposes attack surfaces through web service endpoints and plugin systems, requiring strict access controls and regular updates to mitigate risks associated with its privileged system access capabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6626 | Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic injection — Cockpit (CWE-943) | 6.3 | Medium | 2026-04-20 |
| CVE-2026-31891 | Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw() — Cockpit (CWE-89) | 7.7 | High | 2026-03-18 |

This page lists every published CVE security advisory associated with Cockpit-HQ. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.