CVE-2020-35191

CRITICAL

Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35191. PoCs published by megadimenex.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2020-35191, targeting Docker containers with vulnerable configurations. The exploit manipulates the /etc/shadow file to bypass authentication by replacing password hashes with a known value (12345).

Description

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Exploits (1)

nomisec WORKING POC 1 stars
by megadimenex · poc
https://github.com/megadimenex/MegaHiDocker

This repository contains a functional Python exploit for CVE-2020-35191, targeting Docker containers with vulnerable configurations. The exploit manipulates the /etc/shadow file to bypass authentication by replacing password hashes with a known value (12345).

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Multiple Docker containers (e.g., solr, bitnami/phppgadmin, bitnami/cassandra, etc.)
No auth needed
Prerequisites: Docker installed on the attacker's machine · Subprocess module for Python 3.X · Access to pull and run vulnerable Docker containers
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0457
EPSS Percentile 90.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (2)
drupal/drupal_docker_images 8.3.0-fpm-alpine (2 CPE variants)
drupal/drupal_docker_images 8.3.1-fpm-alpine - 8.5.10-fpm-alpine
Published Dec 17, 2020
Tracked Since Feb 18, 2026