CVE-2019-12890

CRITICAL

RedwoodHQ 2.5.5 - Unauthenticated Admin User Creation via Database Insert Operation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-12890. PoCs published by EthicalHCOP.

AI-analyzed exploit summary This exploit leverages missing authentication in RedwoodHQ's MongoDB instance to create an admin user by directly inserting a crafted document into the 'users' collection. It uses HMAC-MD5 for password hashing and requires no prior authentication.

Description

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.

Exploits (2)

exploitdb WORKING POC
by EthicalHCOP · pythonwebappsmultiple
https://www.exploit-db.com/exploits/46992

This exploit leverages missing authentication in RedwoodHQ's MongoDB instance to create an admin user by directly inserting a crafted document into the 'users' collection. It uses HMAC-MD5 for password hashing and requires no prior authentication.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: RedwoodHQ 2.0 / 2.5.5
No auth needed
Prerequisites: Network access to MongoDB port (default 27017) · MongoDB instance without authentication enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by EthicalHCOP · poc
https://github.com/EthicalHCOP/CVE-2019-12890_RedxploitHQ

This exploit leverages an unauthenticated MongoDB connection to create an admin user in RedwoodHQ by inserting a crafted document into the 'users' collection. It uses HMAC-MD5 for password hashing and directly interacts with the MongoDB instance.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: RedwoodHQ versions 2.0 and 2.5.5
No auth needed
Prerequisites: Access to MongoDB port (default 27017) · RedwoodHQ instance with unauthenticated MongoDB
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46992
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=MK9AvoJDtxY

Scores

CVSS v3 9.8
EPSS 0.0622
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (2)
redwoodhq/redwoodhq 2.0
redwoodhq/redwoodhq 2.5.5
Published Jun 19, 2019
Tracked Since Feb 18, 2026