SUSE-SU-2026:2005-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-20262005-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:2005-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:2005-1
Upstream
  • CVE-2026-0775
  • CVE-2026-4802
Related
Published
2026-05-19T08:23:18Z
Modified
2026-05-20T08:00:04.681919016Z
Summary
Security update for cockpit
Details

This update for cockpit fixes the following issues:

  • CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user (bsc#1256521).
  • CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI (bsc#1265040).
  • CVE-2026-29074: svgo: no guard against entity expansion or recursion when processing XML with custom entities can lead to DoS (bsc#1259290).
References

Affected packages