CVE-2026-5302
CORS Misconfiguration in CoolerControl <4.0.0 Enables Remote Data Access
Publication date: 2026-04-08
Last updated on: 2026-04-16
Assigner: GitLab Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coolercontrol | coolercontrold | up to 4.0.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-942 | The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Origin Resource Sharing (CORS) misconfiguration in CoolerControl's coolercontrold service versions below 4.0.0. It allows unauthenticated remote attackers to exploit the service by reading data and sending commands through malicious websites.
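As an added example (not taken from the advisory or from CoolerControl's code), the following Python model of the browser's CORS read check audits three constructed server policies against untrusted origins. The advisory does not say which form the misconfiguration took; the wildcard and origin-reflecting policies are shown as common instances of CWE-942, and every origin and function name here is hypothetical.

```python
# Added example: a model of the browser's CORS read check, used to audit
# server policies. All origins and policies are constructed for illustration.

TRUSTED = {"http://localhost:8080"}  # hypothetical origin of the legitimate UI
UNTRUSTED_PROBES = [
    "https://untrusted.example",
    "null",                                      # sandboxed iframes, file:// pages
    "http://localhost:8080.untrusted.example",   # must not pass a prefix check
]

def browser_allows_read(origin, headers, credentialed=False):
    """True if a browser lets a page at `origin` read a response with `headers`."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if credentialed:
        # "*" is never honoured when cookies or HTTP auth are attached.
        return (acao == origin
                and headers.get("Access-Control-Allow-Credentials") == "true")
    return acao in ("*", origin)

def wildcard_policy(origin):
    return {"Access-Control-Allow-Origin": "*"}

def reflect_policy(origin):
    # Echoes whatever Origin the request carried.
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}

def allowlist_policy(origin):
    # Exact-match allowlist; unknown origins get no CORS headers at all.
    if origin in TRUSTED:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}

def audit(policy):
    """Return (origin, credentialed) pairs where an untrusted page can read."""
    return [(o, c) for o in UNTRUSTED_PROBES for c in (False, True)
            if browser_allows_read(o, policy(o), c)]

if __name__ == "__main__":
    for p in (wildcard_policy, reflect_policy, allowlist_policy):
        print(p.__name__, audit(p))
```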
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access where attackers can remotely read sensitive data and send commands to the coolercontrold service without authentication. This could result in unauthorized control over cooling devices, potential disruption of service, and leakage of sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves a CORS misconfiguration that allows unauthenticated remote attackers to read data and send commands to the service via malicious websites. This could lead to unauthorized access and potential data exposure.
Such unauthorized access and data exposure may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access.
However, the provided information does not specify the exact nature of the data involved or how this vulnerability directly affects compliance with these regulations.