CVE-2026-38991 | Cockpit up to 2.13.5 Bucket _isFileTypeAllowed access control

Inserito da Angelo Barbosa | Apr 29, 2026 | CVE

A vulnerability, which was classified as critical, was found in Cockpit up to 2.13.5. This issue affects the function _isFileTypeAllowed of the component Bucket. Executing a manipulation can lead to improper access controls.

This vulnerability is handled as CVE-2026-38991. The attack can be executed remotely. There is not any exploit available.

CVE-2026-38991 | Cockpit up to 2.13.5 Bucket _isFileTypeAllowed access control

Post correlati

CVE-2024-0372 | Views for WPForms Plugin up to 3.2.2 on WordPress get_form_fields authorization

CVE-2024-56277 | Poll Maker Plugin up to 5.5.4 on WordPress escape output

CVE-2024-11054 | SourceCodester Simple Music Cloud Community System 1.0 ajax.php?action=signup pp unrestricted upload

CVE-2024-30386 | Juniper Junos OS/Junos OS Evolved l2ald use after free (JSA79184)