Platform: linux
Component: coolercontrold
Fixed in: 4.0.0
CVE-2026-5208 is a Command Injection vulnerability discovered in coolercontrold, a component used for temperature monitoring and control. An authenticated attacker can exploit this flaw to execute arbitrary commands on the system with root privileges by injecting malicious bash commands into alert names. This vulnerability affects versions 3.1.0 through 4.0.0 of coolercontrold. A patch has been released, resolving the issue in version 4.0.0.
CVE-2026-5208 in coolercontrold, affecting versions prior to 4.0.0, allows authenticated attackers to execute arbitrary commands on the system as root. This is achieved by injecting bash commands into alert names. An authenticated attacker with access to the CoolerControl system can create an alert with a malicious name containing operating system commands. When the system processes this alert name, it executes the injected commands, granting the attacker control over the system with root privileges. The severity of this vulnerability is high, as it allows for complete system takeover. Updating to version 4.0.0 or later is crucial to mitigate this risk.
The vulnerability is exploited through the creation of an alert with a name containing malicious bash commands. An authenticated attacker can leverage this vulnerability to execute arbitrary commands on the system as root. The success of the exploitation depends on authenticated access to the CoolerControl system and the ability to create alerts. The complexity of exploitation is relatively low, as it does not require advanced technical skills. However, the potential impact is very high, as it allows for complete system takeover. A security audit is recommended to identify and correct any misconfigurations that may facilitate the exploitation of this vulnerability.
EPSS: 0.08% (23rd percentile)
The solution for CVE-2026-5208 is to update to version 4.0.0 or later of coolercontrold. This version corrects the vulnerability by properly sanitizing alert names, preventing the execution of arbitrary commands. In the meantime, as a temporary measure, restrict access to the alert creation functionality to trusted users only. Additionally, monitor system logs for suspicious activity related to alert creation or modification. The update is the most effective and recommended solution to completely eliminate the risk of exploitation.
Update to version 4.0.0 or later to mitigate the command injection vulnerability. This version fixes the missing neutralization of special elements in alert names, preventing the execution of arbitrary commands.
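To make the fix concrete, here is an added Rust illustration of the bug class described above; it is a hypothetical reconstruction, not coolercontrold's own code, and the notify-send program and the alert-name message format are assumptions. It contrasts splicing the user-controlled alert name into a shell string with passing it as a single argv element and validating it before storage.

```rust
use std::process::{Command, Output};

// Hypothetical reconstruction of the vulnerable pattern (not coolercontrold's
// actual code): the user-supplied alert name is spliced into a string that a
// shell would later interpret, so metacharacters in the name become commands.
pub fn vulnerable_shell_line(alert_name: &str) -> String {
    format!("notify-send \"CoolerControl alert: {}\"", alert_name)
}

// Defence in depth: reject alert names carrying shell metacharacters or
// control characters before they are accepted at all.
pub fn validate_alert_name(alert_name: &str) -> Result<(), String> {
    const FORBIDDEN: &[char] = &[';', '&', '|', '`', '$', '(', ')', '<', '>', '"', '\'', '\\'];
    if alert_name.trim().is_empty() || alert_name.len() > 128 {
        return Err("alert name must be 1-128 characters".into());
    }
    if let Some(c) = alert_name.chars().find(|c| FORBIDDEN.contains(c) || c.is_control()) {
        return Err(format!("alert name contains forbidden character {:?}", c));
    }
    Ok(())
}

// Hardened form: the name travels as one argv element straight to the program,
// with no shell in between, so a name like "x; id" stays a literal string.
pub fn hardened_command(alert_name: &str) -> Command {
    let mut cmd = Command::new("notify-send"); // assumed notifier program
    cmd.arg(format!("CoolerControl alert: {}", alert_name));
    cmd
}

// Validates, then runs the hardened form (demonstration only).
pub fn deliver(alert_name: &str) -> std::io::Result<Output> {
    validate_alert_name(alert_name)
        .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidInput, e))?;
    hardened_command(alert_name).output()
}

fn main() {
    let name = "CPU temp; echo INJECTED"; // constructed sample alert name
    println!("vulnerable shell line: {}", vulnerable_shell_line(name));
    let cmd = hardened_command(name);
    let args: Vec<String> = cmd.get_args().map(|a| a.to_string_lossy().into_owned()).collect();
    println!("hardened argv: {:?} {:?}", cmd.get_program(), args);
    println!("validation: {:?}", validate_alert_name(name));
}
```

In the hardened form the whole name, semicolon included, is one argument, and the validator additionally refuses to store it.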
coolercontrold is a daemon that controls cooling hardware in servers.
Root is the user with the highest privileges on a Linux system, allowing full access and control.
You can verify the version by running the command coolercontrold --version in the command line.
As a temporary measure, restrict access to alert creation and monitor system logs.
Perform a security audit and look for unusual commands in system logs.