CVE-2026-5302

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Apr 08, 2026

Vendor unknown

Description

CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites

References

https://gitlab.com/coolercontrol/coolercontrol/-/blob/2.0.0/coolercontrold/src/api/mod.rs?ref_type=tags#L374
https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0