Skip to content

Cockpit

v356.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 13d Server & OS Management
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

cockpit javascript linux-servers

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal
editorial:auto 13d

The release patches CVE-2026-4802 for RHEL-161406 and RHEL-161380, removing the insights-detail.json usage per CCT-1421.

Why it matters: Patch immediately if you run affected RHEL versions; they are vulnerable to CVE-2026-4802 with severity 50.

Summary

AI summary

Security fix for CVE-2026-4802

Changes in this release

Security Medium

Patches CVE-2026-4802 backported for RHEL-161406 and RHEL-161380.

Patches CVE-2026-4802 backported for RHEL-161406 and RHEL-161380.

Source: llm_adapter@2026-05-21

Confidence: low
Refactor Medium

Removes usage of insights-detail.json per CCT-1421.

Removes usage of insights-detail.json per CCT-1421.

Source: llm_adapter@2026-05-21

Confidence: low
Full changelog
  • Backport patches for CVE-2026-4802 (RHEL-161406 / RHEL-161380)
  • Do not use insights-detail.json (CCT-1421)

Security Fixes

  • CVE-2026-4802 — RHEL patches applied (RHEL-161406 / RHEL-161380)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Cockpit

Get notified when new releases ship.

Sign up free

About Cockpit

Cockpit is a web-based graphical interface for servers.

All releases →

Related context

Related CVEs

Beta — feedback welcome: [email protected]