Platform: linux
Component: coolercontrold
Fixed in: 4.0.0
CVE-2026-5300 is a vulnerability affecting CoolerControl/coolercontrold versions 0.14.0 through 4.0.0. This vulnerability allows unauthenticated attackers to view and modify potentially sensitive data through HTTP requests. The vulnerability was published on April 8, 2026, and a fix is available in version 4.0.0.
The primary impact of CVE-2026-5300 is the potential for unauthorized data access and modification. An attacker could leverage this vulnerability to view or alter configuration settings, operational data, or other sensitive information managed by the CoolerControl daemon. This could lead to disruption of service, data breaches, or even compromise of the underlying system if the data is used to control physical devices. The lack of authentication means that any attacker with network access to the CoolerControl daemon can exploit this vulnerability, significantly expanding the potential attack surface.
CVE-2026-5300 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the unauthenticated nature of the vulnerability suggests a moderate probability of exploitation. The vulnerability was disclosed publicly on April 8, 2026, coinciding with the CVE publication date.
Systems utilizing CoolerControl/coolercontrold in environments with direct network exposure are at risk. This includes deployments where the daemon is accessible from the internet or untrusted networks. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable.
• linux / server:
journalctl -u coolercontrold | grep -i "HTTP request"
• linux / server:
ss -tulnp | grep coolercontrold
• generic web:
curl -I http://<coolercontrold_ip>/ | grep -i "server: coolercontrold"
EPSS: 0.01% (1st percentile)
The primary mitigation for CVE-2026-5300 is to upgrade to version 4.0.0 of CoolerControl/coolercontrold, which includes the fix. If upgrading immediately is not possible, restrict network access to the CoolerControl daemon to only trusted sources. Implement a firewall rule to block all incoming connections except those from authorized clients. Consider using a reverse proxy to add an additional layer of authentication and authorization. While a direct workaround isn't available, carefully review and restrict access to any exposed HTTP endpoints.
Upgrade to version 4.0.0 or later to mitigate the vulnerability. This version implements the authentication needed to protect sensitive data and prevent unauthorized access via HTTP requests.
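To confirm that the daemon is not reachable from other hosts while an upgrade is pending, the following added example (not code from the CoolerControl project) classifies each coolercontrold socket in `ss -tulnp` output as loopback-only or exposed. The function names, the sample output and port 8080 in it are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify coolercontrold listeners from `ss -tulnp` output.
# Constructed sample output; port 8080 and the PIDs are placeholders.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*     users:(("coolercontrold",pid=812,fd=23))
tcp   LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*     users:(("coolercontrold",pid=812,fd=24))
tcp   LISTEN 0      128            [::1]:8080         [::]:*     users:(("coolercontrold",pid=812,fd=25))
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=640,fd=3))
EOF
}

# Reads ss output on stdin and prints "loopback <addr:port>" or
# "exposed <addr:port>" for every socket owned by coolercontrold.
classify_listeners() {
    awk '
    /coolercontrold/ {
        la = ""
        for (i = 1; i <= NF; i++) if (index($i, ":")) { la = $i; break }
        if (la == "") next
        addr = la
        sub(/:[^:]*$/, "", addr)   # drop the port
        sub(/%.*$/, "", addr)      # drop an interface scope such as %lo
        gsub(/\[/, "", addr)       # drop IPv6 brackets
        gsub(/\]/, "", addr)
        if (addr ~ /^127\./ || addr == "::1") print "loopback " la
        else print "exposed " la   # 0.0.0.0, ::, * or a specific interface address
    }'
}

# Exit status 0 when at least one coolercontrold socket is reachable off-host.
has_exposed_listener() {
    classify_listeners | grep -q '^exposed '
}

# Demo on the constructed sample; on a real host: ss -tulnp | classify_listeners
sample_ss_output | classify_listeners
if sample_ss_output | has_exposed_listener; then
    echo "coolercontrold is bound to a non-loopback address: restrict it or upgrade"
fi
```

On a live system run `ss` as root, otherwise the process column is empty for sockets owned by other users and the daemon's listeners are not matched.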
CVE-2026-5300 is a medium severity vulnerability affecting CoolerControl/coolercontrold versions 0.14.0 through 4.0.0. It allows unauthenticated attackers to view and modify sensitive data via HTTP requests.
You are affected if you are running CoolerControl/coolercontrold versions 0.14.0 through 4.0.0 and the daemon is accessible via HTTP.
Upgrade to version 4.0.0 of CoolerControl/coolercontrold. As a temporary measure, restrict network access to the daemon.
There are currently no confirmed reports of active exploitation, but the unauthenticated nature of the vulnerability suggests a potential risk.
Refer to the CoolerControl project's official website or repository for the latest security advisories and updates.