CoolerControl Command Injection Vulnerability in Alert Names Allowing Root Code Execution

Vulnerability

A command injection vulnerability has been identified in CoolerControl versions prior to 4.0.0. This issue allows authenticated attackers to execute arbitrary code as root by injecting bash commands into alert names. The vulnerability arises from insufficient sanitization of command inputs in the alert management feature of the application.

Impact

Successful exploitation results in unauthorized command execution with root privileges on the affected system.

Remediation

Users can upgrade to CoolerControl version 4.0.0 or later, where this vulnerability has been addressed.
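
For defenders reviewing a host before or after the upgrade, the following is an added example and not CoolerControl's own code. It flags alert names that contain shell metacharacters and shows the hardened pattern of validating a name and passing it as a single argument rather than as part of a shell string. The allowlist policy, the `alert-notifier` program name and the sample names are assumptions constructed for illustration.

```rust
use std::process::Command;

// Characters that let a string escape its position inside a `sh -c` command line.
const SHELL_META: &[char] = &['$', '`', ';', '|', '&', '<', '>', '(', ')', '\'', '"', '\\', '\n'];

/// Allowlist policy (assumed, not CoolerControl's): 1..=64 chars of letters,
/// digits, space, '-', '_' or '.', and no leading '-' (option injection).
fn is_safe_alert_name(name: &str) -> bool {
    let len = name.chars().count();
    (1..=64).contains(&len)
        && !name.starts_with('-')
        && name.chars().all(|c| c.is_alphanumeric() || matches!(c, ' ' | '-' | '_' | '.'))
}

/// Audit helper: returns the stored names that contain shell metacharacters.
fn suspicious_names<'a>(names: &[&'a str]) -> Vec<&'a str> {
    names.iter().copied().filter(|n| n.contains(SHELL_META)).collect()
}

/// Hardened invocation: the name is validated, then passed as a single argv
/// element. No shell parses it. `alert-notifier` is a hypothetical program.
fn build_notifier(name: &str) -> Result<Command, String> {
    if !is_safe_alert_name(name) {
        return Err(format!("rejected alert name: {:?}", name));
    }
    let mut cmd = Command::new("alert-notifier");
    cmd.arg(format!("Alert triggered: {}", name));
    Ok(cmd)
}

fn main() {
    // Constructed sample names, not taken from any real configuration.
    let stored = ["CPU over 80C", "GPU $(echo x)", "pump `echo x`", "Fan_1.stall"];
    println!("names to review: {:?}", suspicious_names(&stored));
    for name in stored.iter() {
        match build_notifier(name) {
            Ok(cmd) => println!("ok: {:?}", cmd),
            Err(e) => println!("{}", e),
        }
    }
}
```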

Added: Apr 8, 2026, 12:43 PM
Updated: Apr 8, 2026, 12:43 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.9
remediation: 0.0
relevance: 5.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.