CVE-2026-5131
Named Pipe ACL Misconfiguration in GREENmod Enables SSRF
Publication date: 2026-04-17
Last updated on: 2026-04-17
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| greenmod | greenmod | 2.8.33 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in GREENmod arises because the access control lists for named pipes used for communication between plugins, the web portal, and the system service are configured incorrectly.
This misconfiguration allows an attacker to communicate with the named pipe stream and upload any XML or JSON file.
The uploaded files are then processed by the named pipe with the privileges of the user under whose context the service is running.
This enables Server-Side Request Forgery (SSRF) attacks to any Windows system where the agent is installed and which provides communication via SMB or WebDav.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute Server-Side Request Forgery (SSRF) attacks on affected Windows systems.
Because the attacker can upload and have processed arbitrary XML or JSON files with the privileges of the service user, they may be able to perform unauthorized actions or access sensitive information.
This could lead to unauthorized access, data exposure, or manipulation within the affected system or network.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in GREENmod is fixed in version 2.8.33. Immediate mitigation should include upgrading the GREENmod software to version 2.8.33 or later.