CVE-2020-36911

CRITICAL

Covenant 0.1.3-0.5 - Remote Code Execution via JWT Token Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36911. PoCs published by xThaz.

AI-analyzed exploit summary: This exploit leverages a hardcoded JWT secret key in Covenant v0.5 to forge admin tokens, then uploads a malicious profile with a reverse shell payload to achieve remote code execution. The payload is compiled as a .NET DLL and executed via message transformation.

Description

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.

Exploits (1)

exploitdb WORKING POC
by xThaz · python · webapps · multiple
https://www.exploit-db.com/exploits/51141


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Covenant v0.1.3 - v0.5
No auth needed
Prerequisites: Network access to Covenant API · Mono framework for payload compilation
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.1045
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-798
Status published
Products (2)
cobbr/covenant 0.1.3 - 0.5
Cobbr/Covenant 0.1.3 - 0.5
Published Jan 13, 2026
Tracked Since Feb 18, 2026