CVE Catalog

CVE-2026-13533

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile — higher than 20% of all known CVEs

Summary

A security vulnerability in Cockpit CMS up to version 0.12.2 affects the Spyc::YAMLLoad function in the /config/config.yaml file of the htaccess Handler component. This manipulation leads to unauthorized access to files or directories. The attack can be launched remotely and the exploit has been publicly disclosed.

Risk Assessment

The organization is at risk of remote access to sensitive configuration files and data, potentially leading to information disclosure or further attack escalation.

Recommendation

Immediately change the Cockpit CMS configuration settings and consider updating to a newer version if available. Due to the vendor's lack of response, it is recommended to temporarily disable or secure the htaccess Handler component.

Original NVD description (English source)

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Configuration settings should be changed. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS