CVE-2026-5208

HIGH NVD

CVSS Score 8.2

Severity HIGH

Published Apr 08, 2026

Vendor unknown

Description

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

References

https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.0/coolercontrold/src/alerts.rs?ref_type=tags#L576
https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0