Browse all 4 CVE security advisories affecting CoolerControl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CoolerControl is an open-source software designed for monitoring and controlling PC cooling systems. Historically, the project has been affected by multiple critical vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These vulnerabilities often stem from improper input validation and insecure default configurations. While no major public security incidents have been documented, the presence of four CVEs indicates ongoing security challenges that users should address promptly through regular updates and hardening measures. The project's nature as system-level software increases potential impact, particularly if deployed in environments with elevated privileges.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5302 | Permissive Cross-domain Policy with Untrusted Domains in coolercontrold — coolercontroldCWE-942 | 6.3 | Medium | 2026-04-08 |
| CVE-2026-5300 | Missing Authentication for Critical Function in coolercontrold — coolercontroldCWE-306 | 5.9 | Medium | 2026-04-08 |
| CVE-2026-5301 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui — coolercontrol-uiCWE-79 | 7.6 | High | 2026-04-08 |
| CVE-2026-5208 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold — coolercontroldCWE-78 | 8.2 | High | 2026-04-08 |
This page lists every published CVE security advisory associated with CoolerControl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.