Skip to main content

Bloodhound

3 CVEs product

Monthly

CVE-2026-59255 HIGH POC PATCH This Week

Improper authorization in SpecterOps BloodHound through 9.4.0 lets any authenticated user tamper with the global custom-node graph schema by calling POST, PUT, and DELETE operations on the /api/v2/custom-nodes endpoints, which enforced only that a caller was logged in rather than that they held write permissions. Because custom node kinds are a shared, tenant-wide schema construct, a single low-privileged account can create, alter, or delete node types that affect every user and tenant on the instance. Publicly available exploit code exists and a vendor patch (commit 8f79035) is available; there is no CISA KEV listing, so exploitation is not confirmed as active.

Authentication Bypass Bloodhound
NVD GitHub
CVSS 4.0
7.1
CVE-2021-3210 CRITICAL POC Act Now

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bloodhound
NVD GitHub
CVSS 3.1
9.6
EPSS
2.7%
CVE-2019-15701 HIGH POC This Week

components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bloodhound
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVSS 7.1
HIGH POC PATCH This Week

Improper authorization in SpecterOps BloodHound through 9.4.0 lets any authenticated user tamper with the global custom-node graph schema by calling POST, PUT, and DELETE operations on the /api/v2/custom-nodes endpoints, which enforced only that a caller was logged in rather than that they held write permissions. Because custom node kinds are a shared, tenant-wide schema construct, a single low-privileged account can create, alter, or delete node types that affect every user and tenant on the instance. Publicly available exploit code exists and a vendor patch (commit 8f79035) is available; there is no CISA KEV listing, so exploitation is not confirmed as active.

Authentication Bypass Bloodhound
NVD GitHub
EPSS 3% CVSS 9.6
CRITICAL POC Act Now

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bloodhound
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bloodhound
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy