EUVD-2026-23409
GHSA-f2cg-3cww-mcq8
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named pipe with the privileges of the user under whose context the service is running. This allows for Server-Side Request Forgery to any Windows system on which the agent is installed and which provides communication via SMB or WebDav.
This issue was fixed in version 2.8.33.
AnalysisAI
GREENmod before 2.8.33 allows remote code execution and server-side request forgery via incorrectly configured named pipes that accept unauthenticated XML or JSON file uploads, processing them with service-level privileges on Windows systems. An attacker on the network can abuse this to trigger SSRF attacks against SMB or WebDAV targets accessible to the service account, potentially compromising internal Windows infrastructure without authentication.
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today