HIGHCVE-2026-5208Published Modified CNA GitLab
CVE-2026-5208: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names
Metrics
- CVSS v3.1
- 8.2
- Severity
- HIGH
- Fixed in
- 4.0.0
- Affected Products
- 1
Fix available
4.0.0
Affected packages
- CoolerControl / coolercontrold< 4.0.0 (from 3.1.0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HReferences