CVE-2026-23695— Cockpit CMS 2.14.0 Stored XSS via Set Field Display Template
Possible ATT&CK Techniques 3AI
T1014 · Rootkit T1059 · Command and Scripting Interpreter T1189 · Drive-by CompromiseAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cockpit-HQ | Cockpit | ≤ 2.14.0 | affected |
72a83fcfe85ad8330e9ae834bc02fa517b5749e9 | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-23695
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cockpit CMS 2.14.0 Stored XSS via Set Field Display Template
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function() and rendered via Vue's v-html directive without sanitization. An attacker with content/:models/manage permission can inject arbitrary JavaScript into the Display template, which executes in the browser of any user viewing the collection items list.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cockpit-HQ | Cockpit | 0 ~ 2.14.0 | - |
II. Public POCs for CVE-2026-23695
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-23695
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Cockpit-HQ
- CVE-2026-6626
Cockpit-HQ Cockpit Asset Handler/Aggregate data query logic - CVE-2026-31891
Cockpit CMS has SQL Injection in MongoLite Aggregation Optim - CVE-2023-4451
Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit - CVE-2023-4433
Cross-site Scripting (XSS) - Stored in cockpit-hq/cockpit - CVE-2023-4432
Cross-site Scripting (XSS) - Reflected in cockpit-hq/cockpit
Same weakness: CWE-79
- CVE-2026-8656
jsondiffpatch < 0.7.6 格式化器跨站脚本漏洞 - CVE-2026-44549
Open WebUI: Stored XSS in excel file preview - CVE-2026-45299
Open WebUI: Stored Cross-Site Scripting In Profile Picture - CVE-2026-45665
Open WebUI: Stored XSS in Banner Component via Improper Sani - CVE-2026-45318
Open WebUI: Stored XSS via unsanitized Office/Excel/DOCX fil
V. Comments for CVE-2026-23695
No comments yet