{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29920?format=json","vulnerability_id":"VCID-x83m-8w57-dfa3","summary":"","aliases":[{"alias":"CVE-2026-4802"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1079371?format=json","purl":"pkg:deb/debian/cockpit@337-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@337-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1079373?format=json","purl":"pkg:deb/debian/cockpit@362-1~bpo13%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@362-1~bpo13%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/35113?format=json","purl":"pkg:deb/debian/cockpit@362-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@362-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35111?format=json","purl":"pkg:deb/debian/cockpit@239-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-753s-xekx-1feg"},{"vulnerability":"VCID-st3k-s15t-8uf5"},{"vulnerability":"VCID-u4tc-3vwv-vbdd"},{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@239-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1078502?format=json","purl":"pkg:deb/debian/cockpit@239-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-753s-xekx-1feg"},{"vulnerability":"VCID-st3k-s15t-8uf5"},{"vulnerability":"VCID-u4tc-3vwv-vbdd"},{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@239-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1078503?format=json","purl":"pkg:deb/debian/cockpit@287.1-0%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@287.1-0%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/35109?format=json","purl":"pkg:deb/debian/cockpit@287.1-0%2Bdeb12u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@287.1-0%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/35114?format=json","purl":"pkg:deb/debian/cockpit@337-1%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@337-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1079372?format=json","purl":"pkg:deb/debian/cockpit@337-1%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cockpit@337-1%252Bdeb13u1"},{"url":"http://public2.vulnerablecode.io/api/packages/326226?format=json","purl":"pkg:rpm/redhat/cockpit@264.3-1?arch=el9_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@264.3-1%3Farch=el9_0"},{"url":"http://public2.vulnerablecode.io/api/packages/326224?format=json","purl":"pkg:rpm/redhat/cockpit@264.3-1?arch=el8_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@264.3-1%3Farch=el8_6"},{"url":"http://public2.vulnerablecode.io/api/packages/326228?format=json","purl":"pkg:rpm/redhat/cockpit@286.2-1?arch=el8_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@286.2-1%3Farch=el8_8"},{"url":"http://public2.vulnerablecode.io/api/packages/326227?format=json","purl":"pkg:rpm/redhat/cockpit@286.3-1?arch=el9_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@286.3-1%3Farch=el9_2"},{"url":"http://public2.vulnerablecode.io/api/packages/326220?format=json","purl":"pkg:rpm/redhat/cockpit@310.8-1?arch=el8_10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@310.8-1%3Farch=el8_10"},{"url":"http://public2.vulnerablecode.io/api/packages/326223?format=json","purl":"pkg:rpm/redhat/cockpit@311.3-1?arch=el9_4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@311.3-1%3Farch=el9_4"},{"url":"http://public2.vulnerablecode.io/api/packages/326219?format=json","purl":"pkg:rpm/redhat/cockpit@334.2-1?arch=el10_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@334.2-1%3Farch=el10_0"},{"url":"http://public2.vulnerablecode.io/api/packages/326222?format=json","purl":"pkg:rpm/redhat/cockpit@334.3-1?arch=el9_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@334.3-1%3Farch=el9_6"},{"url":"http://public2.vulnerablecode.io/api/packages/326221?format=json","purl":"pkg:rpm/redhat/cockpit@356.2-1?arch=el9_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@356.2-1%3Farch=el9_8"},{"url":"http://public2.vulnerablecode.io/api/packages/326225?format=json","purl":"pkg:rpm/redhat/cockpit@356.2-1?arch=el10_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x83m-8w57-dfa3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@356.2-1%3Farch=el10_2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4802.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4802","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51291","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55349","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55351","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55365","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4802"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4802","reference_id":"CVE-2026-4802","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T13:38:49Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4802"},{"reference_url":"https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210","reference_id":"logsJournal.jsx#L206-L210","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T13:38:49Z/"}],"url":"https://github.com/cockpit-project/cockpit/blob/e204cd130/pkg/systemd/logsJournal.jsx#L206-L210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21390","reference_id":"RHSA-2026:21390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21392","reference_id":"RHSA-2026:21392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21394","reference_id":"RHSA-2026:21394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21395","reference_id":"RHSA-2026:21395","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21395"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21468","reference_id":"RHSA-2026:21468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21515","reference_id":"RHSA-2026:21515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21516","reference_id":"RHSA-2026:21516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21647","reference_id":"RHSA-2026:21647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21676","reference_id":"RHSA-2026:21676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21700","reference_id":"RHSA-2026:21700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21700"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451155","reference_id":"show_bug.cgi?id=2451155","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T13:38:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451155"}],"weaknesses":[{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."}],"exploits":[],"severity_range_score":"8.0 - 8.8","exploitability":"0.5","weighted_severity":"7.2","risk_score":3.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x83m-8w57-dfa3"}