{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5208", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-03-31T09:35:01.724Z", "datePublished": "2026-04-08T11:36:11.910Z", "dateUpdated": "2026-04-08T12:55:51.455Z"}, "containers": {"cna": {"title": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold", "descriptions": [{"lang": "en", "value": "Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names"}], "affected": [{"vendor": "CoolerControl", "product": "coolercontrold", "versions": [{"version": "3.1.0", "status": "affected", "lessThan": "4.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.0/coolercontrold/src/alerts.rs?ref_type=tags#L576"}, {"url": "https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.0.0"}], "credits": [{"lang": "en", "value": "https://gitlab.com/lassi-3", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T11:36:11.910Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T12:55:44.805674Z", "id": "CVE-2026-5208", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T12:55:51.455Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5208", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T12:55:44.805674Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T12:55:47.478Z"}}], "cna": {"title": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold", "credits": [{"lang": "en", "type": "finder", "value": "https://gitlab.com/lassi-3"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CoolerControl", "product": "coolercontrold", "versions": [{"status": "affected", "version": "3.1.0", "lessThan": "4.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.0.0"}], "references": [{"url": "https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.0/coolercontrold/src/alerts.rs?ref_type=tags#L576"}, {"url": "https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0"}], "descriptions": [{"lang": "en", "value": "Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T11:36:11.910Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5208", "state": "PUBLISHED", "dateUpdated": "2026-04-08T12:55:51.455Z", "dateReserved": "2026-03-31T09:35:01.724Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-04-08T11:36:11.910Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names"}], "id": "CVE-2026-5208", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2026-04-08T12:16:22.383", "references": [{"source": "cve@gitlab.com", "url": "https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.0/coolercontrold/src/alerts.rs?ref_type=tags#L576"}, {"source": "cve@gitlab.com", "url": "https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-08T12:50:21.705665+00:00", "value": {"mitigation_remediation": ["Check the installed version of coolercontrold to determine if it is older than 4.0.0.", "Upgrade coolercontrold to version 4.0.0 or later as recommended by the vendor.", "After the upgrade, verify that alert names are no longer executed as shell commands."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is CoolerControl\u2019s coolercontrold daemon. All versions older than 4.0.0 are vulnerable regardless of operating system or deployment configuration. Any environment that allows authenticated users to create or edit alerts is exposed.", "description_and_impact": "A command injection vulnerability exists in the alert generation component of CoolerControl\u2019s coolercontrold daemon in all releases older than 4.0.0. The flaw allows an authenticated attacker to embed arbitrary bash commands in alert names, which the service executes with root privileges. This results in remote code execution and full system compromise. The weakness stems from improper sanitization of user input before concatenating it into an OS command, corresponding to a CWE\u201178 flaw.", "risk_and_exploitability": "With a CVSS score of 8.2, the vulnerability is considered high severity. The EPSS score is not available, but the requirement of authentication\u2014common in many deployments\u2014implies a non-negligible exploitation probability. The flaw is not listed in the CISA KEV catalog yet; however, the potential for full root compromise warrants immediate action. An attacker who can authenticate to the coolercontrold API can craft an alert name containing malicious shell syntax; when the daemon processes the alert, the embedded command runs as root, enabling arbitrary code execution."}}}}, "created": "2026-04-08T19:39:44.467197+00:00", "updated": "2026-04-08T19:39:44.467223+00:00", "vendors": []}