CVE-2019-11076

CRITICAL

Cribl UI 1.5.0 - Unauthenticated Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11076. PoCs published by livehybrid.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2019-11076, demonstrating remote code execution (RCE) in Cribl v1.5.0 via JWT token manipulation and script execution. The PoC includes a reverse shell payload and detailed curl commands to exploit the vulnerability.

Description

Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.

Exploits (1)

nomisec WORKING POC 8 stars

by livehybrid · poc

https://github.com/livehybrid/poc-cribl-rce

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-11076, demonstrating remote code execution (RCE) in Cribl v1.5.0 via JWT token manipulation and script execution. The PoC includes a reverse shell payload and detailed curl commands to exploit the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cribl v1.5.0

Auth required

Prerequisites: Valid JWT token · Outbound network access from target · Ability to host malicious script on remote server

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/livehybrid/poc-cribl-rce

Release Notes, Vendor Advisory x_refsource_confirm

https://docs.cribl.io/blog/release-v151

Scores

CVSS v3 9.8

EPSS 0.0351

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

cribl/cribl 1.5.0

Published Apr 23, 2019

Tracked Since Feb 18, 2026