Cyber Posture

CVE-2026-5302

Medium · Public PoC

Published: 08 April 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: CoolerControl 4.0.0
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
EPSS Score: 0.0004 (10.8th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5302 is a medium-severity Permissive Cross-domain Policy with Untrusted Domains (CWE-942) vulnerability in Coolercontrol Coolercontrold. Its CVSS v3.1 base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001). Exploit likelihood (EPSS) ranks at the 10.8th percentile, below the median; the CVE is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-46 (Cross Domain Policy Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious Link (T1204.001) and one other technique, Spearphishing Link (T1566.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (SC-46, Cross Domain Policy Enforcement)
Enforces cross-domain policies to directly prevent unauthorized cross-origin requests from malicious websites exploiting the CORS misconfiguration.

prevent (AC-4, Information Flow Enforcement)
Controls information flows between untrusted domains and the service, mitigating permissive CORS that allows unauthenticated data access and command execution.

prevent / detect
Monitors and controls boundary communications to block or detect anomalous cross-origin API requests enabled by the CORS flaw.

MITRE ATT&CK Enterprise Techniques

T1204.001 Malicious Link (Execution)
An adversary may rely upon a user clicking a malicious link in order to gain execution.
T1566.002 Spearphishing Link (Initial Access)
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

The CVE description explicitly states that exploitation works by luring victims to malicious websites, with user interaction required; this directly enables the malicious-link and spearphishing-link techniques. The permissive CORS policy then lets the malicious site read data from, and send commands to, the local API.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites

Deeper analysis

CVE-2026-5302 is a CORS misconfiguration vulnerability in CoolerControl/coolercontrold versions prior to 4.0.0. This issue, mapped to CWE-942 (Permissive Cross-domain Policy with Untrusted Domains), carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). The flaw stems from inadequate CORS policy enforcement in the coolercontrold API component.

Unauthenticated remote attackers can exploit this vulnerability by luring victims to malicious websites. Once a victim's browser loads such a site, the page can read data from and send commands to the CoolerControl service running on the victim's system; user interaction is required, but no privileges are.

The vulnerability is visible in the source code at line 374 of coolercontrold/src/api/mod.rs in the 2.0.0 tag. Mitigation is addressed in the CoolerControl 4.0.0 release, to which affected systems should be updated.
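The advisory describes the weakness class (CWE-942) but not the code at the cited line, so the following is an added illustration and not coolercontrold's own code. It contrasts the permissive pattern a browser-reachable local daemon must avoid (reflecting whatever Origin the request carried, so any site a user visits gets a cross-origin grant) with an explicit allow-list check. The allowed origin `http://127.0.0.1:8080`, the `CorsAllowList` type and the helper names are assumptions made for the example.

```rust
// Added example: permissive CORS origin handling versus an explicit allow-list.
// Not coolercontrold's code; the allowed origin and type names are assumed.
use std::collections::HashSet;

/// Outcome of evaluating a request's Origin header.
#[derive(Debug, PartialEq)]
pub enum CorsDecision {
    /// Emit Access-Control-Allow-Origin with this exact value.
    Allow(String),
    /// Emit no CORS headers; the browser blocks the cross-origin read.
    Deny,
}

/// Permissive policy (the CWE-942 pattern): reflects any Origin the browser
/// sent. A page on attacker-controlled site therefore gets full read access
/// to the local API's responses.
pub fn permissive_policy(origin: Option<&str>) -> CorsDecision {
    match origin {
        Some(o) => CorsDecision::Allow(o.to_string()),
        None => CorsDecision::Deny, // no Origin header: not a cross-origin request
    }
}

/// Canonical form for comparison: trimmed, no trailing slash, lower-case
/// (scheme and host are case-insensitive; the port is left as written).
fn normalize(origin: &str) -> String {
    origin.trim().trim_end_matches('/').to_ascii_lowercase()
}

/// Allow-list policy: only origins the operator registered receive a grant.
pub struct CorsAllowList {
    allowed: HashSet<String>,
}

impl CorsAllowList {
    pub fn new(origins: &[&str]) -> Self {
        let allowed = origins
            .iter()
            .map(|o| normalize(o))
            // "*" and "null" are never acceptable entries for a credentialed
            // local API: "*" is any site, "null" is any sandboxed frame.
            .filter(|o| o != "*" && o != "null")
            .collect();
        Self { allowed }
    }

    pub fn evaluate(&self, origin: Option<&str>) -> CorsDecision {
        let raw = match origin {
            Some(r) => r,
            None => return CorsDecision::Deny,
        };
        let o = normalize(raw);
        if self.allowed.contains(&o) {
            CorsDecision::Allow(o)
        } else {
            CorsDecision::Deny
        }
    }
}

/// Response headers for a decision. "Vary: Origin" stops a shared cache from
/// replaying one origin's grant to a different origin.
pub fn cors_headers(decision: &CorsDecision) -> Vec<(&'static str, String)> {
    match decision {
        CorsDecision::Allow(o) => vec![
            ("Access-Control-Allow-Origin", o.clone()),
            ("Vary", "Origin".to_string()),
        ],
        CorsDecision::Deny => Vec::new(),
    }
}

fn main() {
    // Constructed sample origins: the daemon's own UI, a third-party site,
    // a sandboxed frame, and a non-CORS request.
    let policy = CorsAllowList::new(&["http://127.0.0.1:8080"]);
    let samples = [
        Some("http://127.0.0.1:8080"),
        Some("https://third-party.example"),
        Some("null"),
        None,
    ];
    for origin in samples {
        println!(
            "{:?}: permissive={:?} allow-list={:?}",
            origin,
            permissive_policy(origin),
            policy.evaluate(origin)
        );
    }
}
```

The detection angle follows from the same check: a daemon that logs the Origin of every denied request gives a defender a direct signal of which third-party pages are probing the local API, which is exactly the traffic the boundary-protection control above is meant to surface.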

Details

CWE(s)

CWE-942 (Permissive Cross-domain Policy with Untrusted Domains)

Affected Products

coolercontrol coolercontrold, versions ≤ 4.0.0

CVEs Like This One

CVE-2026-5300 · Same product: Coolercontrol Coolercontrold
CVE-2026-5208 · Same product: Coolercontrol Coolercontrold
CVE-2026-5301 · Same product: Coolercontrol Coolercontrold
CVE-2026-30924 · Shared CWE-942
CVE-2026-25478 · Shared CWE-942
CVE-2025-9292 · Shared CWE-942
CVE-2026-32610 · Shared CWE-942
CVE-2026-41056 · Shared CWE-942
CVE-2026-33043 · Shared CWE-942
CVE-2024-22348 · Shared CWE-942
