{"id":"PYSEC-2026-314","summary":"Cobbler vulnerable to arbitrary code execution","details":"Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the \"add repo\" component resulting in arbitrary code execution as root user.","aliases":["CVE-2017-1000469","GHSA-96hw-v598-jvgh"],"modified":"2026-06-29T12:15:15.999842699Z","published":"2026-06-29T11:50:32.228898Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000469"},{"type":"WEB","url":"https://github.com/cobbler/cobbler/issues/1845"},{"type":"WEB","url":"https://github.com/cobbler/cobbler/commit/4b20397425a5d42a2d8927233654f4d7435bd4c2"},{"type":"PACKAGE","url":"https://github.com/cobbler/cobbler"},{"type":"PACKAGE","url":"https://pypi.org/project/cobbler"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-96hw-v598-jvgh"}],"affected":[{"package":{"name":"cobbler","ecosystem":"PyPI","purl":"pkg:pypi/cobbler"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.0"}]}],"versions":["0.6.3-2"],"database_specific":{"last_known_affected_version_range":"\u003c= 2.8.2","source":"https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2026-314.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}