Platform: linux
Component: coolercontrold
Fixed in: 4.0.0
CVE-2026-5300 is a vulnerability affecting CoolerControl/coolercontrold versions 0.14.0 through 4.0.0. This vulnerability allows unauthenticated attackers to view and modify potentially sensitive data through HTTP requests. The vulnerability was published on April 8, 2026, and a fix is available in version 4.0.0.
The primary impact of CVE-2026-5300 is the potential for unauthorized data access and modification. An attacker could leverage this vulnerability to view or alter configuration settings, operational data, or other sensitive information managed by the CoolerControl daemon. This could lead to disruption of service, data breaches, or even compromise of the underlying system if the data is used to control physical devices. The lack of authentication means that any attacker with network access to the CoolerControl daemon can exploit this vulnerability, significantly expanding the potential attack surface.
CVE-2026-5300 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the unauthenticated nature of the vulnerability suggests a moderate probability of exploitation. The vulnerability was disclosed publicly on April 8, 2026, coinciding with the CVE publication date.
Exploit Status
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-5300 is to upgrade to version 4.0.0 of CoolerControl/coolercontrold, which includes the fix. If upgrading immediately is not possible, restrict network access to the CoolerControl daemon to only trusted sources. Implement a firewall rule to block all incoming connections except those from authorized clients. Consider using a reverse proxy to add an additional layer of authentication and authorization. While a direct workaround isn't available, carefully review and restrict access to any exposed HTTP endpoints.
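To confirm that the daemon is actually restricted to trusted sources, the check below filters `ss -H -ltn` output for listeners on the daemon's port that are bound to anything other than loopback. It is an added example, not code from the CoolerControl project; port 11987 is an assumption (this page does not state the port), and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: list TCP listeners on a given port that are reachable from
# beyond the local host. Input is `ss -H -ltn` output on stdin.
# Live use:  ss -H -ltn | exposed_listeners 11987
# ASSUMPTION: 11987 is the coolercontrold port; this page does not state it,
# so pass the port your installation actually uses.

exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                                  # local address:port column
            n = split(la, parts, ":")
            if (parts[n] != port) next               # a different service
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)                    # drop scope, e.g. %lo
            sub(/^\[/, "", addr)                     # drop IPv6 brackets
            sub(/\]$/, "", addr)
            # Loopback binds (127.0.0.0/8, ::1, v4-mapped) are local-only.
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print la                                 # wildcard or routable bind
        }'
}

# Constructed sample: each line shows a different bind style; this is not
# one host's real output.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:11987 0.0.0.0:*
LISTEN 0 128 0.0.0.0:11987 0.0.0.0:*
LISTEN 0 128 [::1]:11987 [::]:*
LISTEN 0 128 192.168.1.20:11987 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Demo on the constructed sample: prints the two non-loopback binds.
sample_ss_output | exposed_listeners 11987
```

Any line printed means the listener accepts connections on a non-loopback address, so a firewall rule or a loopback-only bind is still needed until the upgrade is in place.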
Update to version 4.0.0 or higher to mitigate the vulnerability. This version implements the necessary authentication to protect sensitive data and prevent unauthorized access via HTTP requests.
CVE-2026-5300 is a medium severity vulnerability affecting CoolerControl/coolercontrold versions 0.14.0 through 4.0.0. It allows unauthenticated attackers to view and modify sensitive data via HTTP requests.
You are affected if you are running CoolerControl/coolercontrold versions 0.14.0 through 4.0.0 and the daemon is accessible via HTTP.
Upgrade to version 4.0.0 of CoolerControl/coolercontrold. As a temporary measure, restrict network access to the daemon.
There are currently no confirmed reports of active exploitation, but the unauthenticated nature of the vulnerability suggests a potential risk.
Refer to the CoolerControl project's official website or repository for the latest security advisories and updates.