NVD/NIST · CVE-2026-4802
Cockpit Flaw Enables Remote Command Execution
Published May 11, 2026 at 2:16 PM · high
What happened
A high-severity vulnerability (CVE-2026-4802) in Cockpit, the popular Linux server management web interface, lets remote attackers run arbitrary shell commands by injecting metacharacters into crafted links shown in the system logs UI. Successful exploitation could fully compromise the host, putting any organization using Cockpit to administer Linux servers at risk. Admins should apply vendor patches as soon as they are available and restrict access to the Cockpit interface in the meantime.
Tags
#cockpit #linux #command-injection #cve-2026-4802
Source reference
https://access.redhat.com/security/cve/CVE-2026-4802