CVE-2026-5131
Received Received - Intake

Named Pipe ACL Misconfiguration in GREENmod Enables SSRF

Vulnerability report for CVE-2026-5131, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: CERT.PL

Description

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named pipe with the privileges of the user under whose context the service is running. This allows for Server-Side Request Forgery toΒ any Windows systemΒ on which the agent is installed and which provides communication via SMB or WebDav. This issue was fixed in version 2.8.33.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-17
Last Modified
2026-04-17
Generated
2026-07-06
AI Q&A
2026-04-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
greenmod greenmod 2.8.33

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in GREENmod arises because the access control lists for named pipes used for communication between plugins, the web portal, and the system service are configured incorrectly.

This misconfiguration allows an attacker to communicate with the named pipe stream and upload any XML or JSON file.

The uploaded files are then processed by the named pipe with the privileges of the user under whose context the service is running.

This enables Server-Side Request Forgery (SSRF) attacks to any Windows system where the agent is installed and which provides communication via SMB or WebDav.

Impact Analysis

This vulnerability can allow an attacker to execute Server-Side Request Forgery (SSRF) attacks on affected Windows systems.

Because the attacker can upload and have processed arbitrary XML or JSON files with the privileges of the service user, they may be able to perform unauthorized actions or access sensitive information.

This could lead to unauthorized access, data exposure, or manipulation within the affected system or network.

Mitigation Strategies

The vulnerability in GREENmod is fixed in version 2.8.33. Immediate mitigation should include upgrading the GREENmod software to version 2.8.33 or later.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5131. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart