Coolercontrold

coolercontrold

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-5302 1Coolercontrol 1Coolercontrold Apr 16, 2026 Apr 8, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites
CVE-2026-5301 1Coolercontrol 1Coolercontrold Apr 16, 2026 Apr 8, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries
CVE-2026-5300 1Coolercontrol 1Coolercontrold Apr 16, 2026 Apr 8, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests
CVE-2026-5208 1Coolercontrol 1Coolercontrold Apr 16, 2026 Apr 8, 2026 N/A· v4 7.2 HIGH· v3 N/A· v2 Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names