CVE-2020-13957

CRITICAL

Apache Solr 6.6.0-6.6.6 7.0.0-7.7.3 8.0.0-8.6.2 - Unauthenticated ConfigSet Upload Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13957. PoCs published by s-index.

AI-analyzed exploit summary: This repository provides a working proof-of-concept for CVE-2020-13957, an Apache Solr RCE vulnerability. It demonstrates how to bypass security checks to upload a malicious ConfigSet and execute arbitrary commands via Velocity template injection.

Description

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that is uploaded via the API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Exploits (1)

nomisec · WORKING POC · 1 star
by s-index · poc
https://github.com/s-index/CVE-2020-13957

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3, and 8.0.0 to 8.6.2
Authentication: No auth needed
Prerequisites: Access to Solr admin API · Ability to upload a ConfigSet · Ability to create a collection
Analyzed by devstral-2 on Feb 16, 2026

References (22)

Core References (22; one shown)
Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20201023-0002/

Scores

CVSS v3: 9.8
EPSS: 0.7887
EPSS Percentile: 99.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-863
Status: published
Products (4):
apache/solr 6.6.0 - 6.6.6
org.apache.solr/solr-core 6.6.0 - 8.6.3 (Maven)
org.apache.solr/solr-parent 6.6.0 - 8.6.3 (Maven)
org.apache.solr/solr-solrj 6.6.0 - 8.6.3 (Maven)
Published: Oct 13, 2020
Tracked Since: Feb 18, 2026