CVE-2026-5208
HIGH WAF: High
CVSS 7.2
Published: 2026-04-08
CWE-78
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| coolercontrol | coolercontrold | 3.1.0 - 4.0.0 |
References
- gitlab.com (Product)
- gitlab.com (Release Notes)