# CVE-2026-38993

> Vulnerability · severity: **MEDIUM** (CVSS 6.5).

## Description

Cockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.

## Key facts

- **CVE ID:** CVE-2026-38993
- **Published:** 2026-04-29
- **CVSS severity:** MEDIUM
- **CVSS base score:** 6.5
- **CWE codes:** CWE-22

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38993

## Citation

> AI Analytics. CVE-2026-38993. Retrieved 2026-07-16 from https://api.ai-analytics.org/cve/CVE-2026-38993. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*