Product
CVE-2026-4631 allows remote attackers to execute arbitrary code on a Cockpit host by injecting malicious SSH options via a crafted HTTP request to the login endpoint due to insufficient input validation of user-supplied hostnames and usernames.