Vendor
A missing authorization vulnerability, CVE-2026-57855, in the Cockpit CMS Bucket file storage API allows any authenticated user, regardless of their assigned role, to perform all file operations on any named bucket, including those designated for administrative use, potentially leading to privilege escalation, data manipulation, or data destruction.