RLSA-2026:21700

Synopsis

Important: cockpit security update

Description

Cockpit enables users to administer GNU/Linux servers using a web browser. It

offers network configuration, log inspection, diagnostic reports, SELinux

troubleshooting, interactive command-line sessions, and more.

Security Fix(es):

* cockpit: Cockpit: Arbitrary command execution via crafted links in system logs

UI (CVE-2026-4802)

For more details about the security issue(s), including the impact, a CVSS

score, acknowledgments, and other related information, refer to the CVE page(s)

listed in the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2451155

CVEs

CVE-2026-4802

Affected packages

Rocky Linux 8 aarch64 - BaseOS

cockpit-0:310.8-1.el8_10.aarch64.rpm cockpit-0:310.8-1.el8_10.src.rpm cockpit-bridge-0:310.8-1.el8_10.aarch64.rpm cockpit-debuginfo-0:310.8-1.el8_10.aarch64.rpm cockpit-debugsource-0:310.8-1.el8_10.aarch64.rpm cockpit-doc-0:310.8-1.el8_10.noarch.rpm cockpit-system-0:310.8-1.el8_10.noarch.rpm cockpit-ws-0:310.8-1.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - BaseOS

cockpit-0:310.8-1.el8_10.src.rpm cockpit-0:310.8-1.el8_10.x86_64.rpm cockpit-bridge-0:310.8-1.el8_10.x86_64.rpm cockpit-debuginfo-0:310.8-1.el8_10.x86_64.rpm cockpit-debugsource-0:310.8-1.el8_10.x86_64.rpm cockpit-doc-0:310.8-1.el8_10.noarch.rpm cockpit-system-0:310.8-1.el8_10.noarch.rpm cockpit-ws-0:310.8-1.el8_10.x86_64.rpm