CVE-2020-1956

HIGH KEV NUCLEI

Apache Kylin 2.3.0-2.6.5 and 3.0.1 - OS Command Injection via RESTful API

Title source: llm

Exploitation Summary

CVE-2020-1956 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022. EIP tracks 1 public exploit from researchers including b510. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits CVE-2020-1956 in Apache Kylin by leveraging command injection in the configuration migration feature to achieve remote code execution. It authenticates as an admin user and injects a reverse shell payload into the configuration settings.

Description

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.

Exploits (1)

nomisec WORKING POC

by b510 · remote-auth

https://github.com/b510/CVE-2020-1956

View Code ZIP pw:eip

This PoC exploits CVE-2020-1956 in Apache Kylin by leveraging command injection in the configuration migration feature to achieve remote code execution. It authenticates as an admin user and injects a reverse shell payload into the configuration settings.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Kylin < 2.6.6, >= 3.0.0, < 3.0.2

Auth required

Prerequisites: Admin credentials · Network access to the target

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Apache Kylin 3.0.1 - Command Injection Vulnerability

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.favicon.hash:-186961397

FOFA: icon_hash=-186961397

References (9)

Core 9

Core References

Mailing List, Mitigation, Vendor Advisory x_refsource_misc

https://lists.apache.org/thread.html/r1332ef34cf8e2c0589cf44ad269fb1fb4c06addec6297f0320f5111d%40%3Cuser.kylin.apache.org%3E

Exploit, Third Party Advisory x_refsource_misc

https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cuser.kylin.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cdev.kylin.apache.org%3E

Mailing List, Patch mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r61666760d8a4e8764b2d5fe158d8a48b569414480fbfadede574cdc0%40%3Ccommits.kylin.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r250a867961cfd6e0506240a9c7eaee782d84c6ab0091c7c4bc45f3eb%40%3Cannounce.apache.org%3E

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/14/1

Mailing List, Patch mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf%40%3Ccommits.kylin.apache.org%3E

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1956

Scores

CVSS v3 8.8

EPSS 0.9411

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-25

VulnCheck KEV 2020-10-14

InTheWild.io 2022-03-25

ENISA EUVD EUVD-2020-0557

CWE

CWE-78

Status published

Products (6)

apache/kylin 2.4.0

apache/kylin 2.4.1

apache/kylin 3.0.0 (4 CPE variants)

apache/kylin 3.0.1

apache/kylin 2.3.0 - 2.3.2

org.apache.kylin/kylin-core-common 0 - 2.6.6Maven

Published May 22, 2020

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026