CVE-2026-5208

HIGH CVSS 8.2 View on NVD ↗

Description

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.0/coolercontrold/src/alerts.rs?ref_type=tags#L576
https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0

Published: Apr 08, 2026 12:16 UTC Modified: Apr 08, 2026 21:26 UTC