High (7.6)

CoolerControl UI XSS (CVE-2026-5301)

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

Overview

A stored cross-site scripting (XSS) vulnerability, identified as CVE-2026-5301, exists in the log viewer component of CoolerControl/coolercontrol-ui versions prior to 4.0.0. This flaw allows an unauthenticated remote attacker to inject and persistently store malicious JavaScript code within log entries. When an administrator or other user views these poisoned logs in the web interface, the attacker’s script executes in the victim’s browser session.

Technical Impact

The vulnerability has a CVSS v3.1 base score of 7.6 (High). No privileges are required and attack complexity is low, but user interaction is needed: someone, typically an administrator, has to open the log viewer. The injection point is any data path that ends up in the daemon's log, potentially including malformed data sent to a service that CoolerControl monitors, so the attacker never has to authenticate to the UI. Because this is stored XSS, rendering the poisoned entry is enough; the victim does not have to click on it. The script then runs in the CoolerControl UI origin with the victim's session and can do whatever that session can, such as changing fan and device settings, issuing any request the UI can send to the daemon, or stealing session credentials. The daemon normally runs with the privileges needed to drive fans and sensors, so control of its API amounts to control of a privileged service on the host.

Affected Products

This vulnerability affects CoolerControl/coolercontrol-ui versions less than 4.0.0. The coolercontrol-ui is the web-based management interface for the CoolerControl hardware monitoring and fan control software.

Remediation and Mitigation

The primary and definitive remediation is to upgrade to CoolerControl/coolercontrol-ui version 4.0.0 or later. The maintainers have addressed the vulnerability in this release.

If immediate upgrading is not possible, consider these temporary mitigation strategies:

  • Restrict Network Access: Ensure the CoolerControl UI web interface is not exposed to untrusted networks, such as the public internet, and limit access to trusted internal IP ranges. Apply the same restriction to the daemon's API port: an unauthenticated request that gets written to the log is the most likely injection path, so exposing the API alone still leaves the vector open.
  • Implement a Web Application Firewall (WAF): A WAF in front of the service can block common XSS payloads, but only for traffic that passes through it; it does nothing for entries the daemon writes from other sources, and signature-based XSS filtering is routinely evaded. Treat it as defence in depth, not as the fix.
  • Administrative Awareness: Stored XSS fires when the entry is rendered, not when it is clicked, so "avoid interacting with suspicious entries" is not sufficient. Until the upgrade is applied, read the daemon's logs from the host (for example with journalctl or a pager) rather than through the web log viewer.

Organizations should review the daemon's request and access logs for entries that carry HTML or script fragments in request paths, headers or bodies, and for unexpected clients reaching the log viewer or its backing endpoint (/logs or whatever path the installed version uses). Any such entry should be inspected from the host, not in the affected web interface.

Security Insight

This vulnerability highlights the persistent risk of secondary data channels, such as log files, becoming attack vectors when they are rendered without output encoding. It mirrors incidents in other management consoles where a trusted-looking administrative data feed turned out to carry attacker-controlled bytes. Log text is attacker-influenced by definition, since logging exists to record what untrusted parties did, so the fix belongs at the presentation boundary: encode every value as text at the point it becomes markup, not only the primary form inputs. A Content-Security-Policy that forbids inline script would have blunted this class of bug even where the encoding gap existed.
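The rendering mistake and its fix, as an added example that is not CoolerControl's code: a log viewer that concatenates raw log entries into markup beside one that HTML-encodes them at the output boundary, plus a small scan that flags poisoned entries for the log review recommended above. The log lines, the payload and the names renderLogsUnsafe, renderLogsSafe and findPoisonedEntries are constructed for illustration and do not come from the project.

```javascript
// Added example, not CoolerControl's own code. Log lines and names are constructed.

// Constructed daemon log entries. The second one is a poisoned entry that an
// unauthenticated client caused to be written (here, via a logged request path).
const SAMPLE_LOG_ENTRIES = [
  '2026-03-01T10:00:00Z INFO  coolercontrold started',
  '2026-03-01T10:00:05Z WARN  unauthorized request from 203.0.113.7 ' +
    'path="/api/<img src=x onerror=alert(document.cookie)>"',
  '2026-03-01T10:00:09Z INFO  fan profile "quiet" applied',
];

// Encode the characters that let text break out of a text node or attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// VULNERABLE pattern: raw log text is concatenated into markup. When this string is
// assigned to element.innerHTML, the <img onerror=...> in a poisoned entry runs in
// the viewer's session. This is the shape of bug the advisory describes.
function renderLogsUnsafe(entries) {
  return '<ul class="log">' + entries.map((e) => '<li>' + e + '</li>').join('') + '</ul>';
}

// HARDENED: identical layout, but each entry is HTML-encoded at the output boundary,
// so attacker-controlled bytes are displayed literally and never parsed as markup.
function renderLogsSafe(entries) {
  return '<ul class="log">' + entries.map((e) => '<li>' + escapeHtml(e) + '</li>').join('') + '</ul>';
}

// Review aid: markup fragments that have no business appearing in daemon log text.
const XSS_INDICATORS = [
  /<\s*\/?\s*(script|img|svg|iframe|object|embed|style|link|meta)\b/i,
  /\bon[a-z]+\s*=/i, // inline event handlers: onerror=, onload=, ...
  /javascript\s*:/i, // javascript: URLs
];

// Return the entries that look poisoned so a reviewer can examine them from the
// host (journalctl, a pager) instead of opening them in the vulnerable web viewer.
function findPoisonedEntries(entries) {
  return entries.filter((e) => XSS_INDICATORS.some((re) => re.test(e)));
}
```

In a component framework the same principle is to render log text as a text node (template interpolation, or textContent in plain DOM) rather than through an innerHTML-style binding; a Content-Security-Policy whose script-src does not allow 'unsafe-inline' adds a second layer. The scanner's patterns are deliberately narrow and will not catch every obfuscated payload; it is a triage aid for the review described above, not a filter to rely on for blocking.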
