CVE-2021-36711

CRITICAL

OctoBot < 0.4.4 - Remote Code Execution via Tentacles Upload


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-36711. PoCs published by Samy Younsi.

AI-analyzed exploit summary: This exploit targets CVE-2021-36711 in OctoBot WebInterface versions 0.4.0beta3 to 0.4.3, achieving RCE by injecting a malicious tentacle package. The exploit crafts a backdoor by modifying Python files to include a reverse shell, then uploads and installs the package on the target system.

Description

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.

Exploits (1)

Source: Exploit-DB (working PoC)
by Samy Younsi · python · webapps · multiple
https://www.exploit-db.com/exploits/50979


Classification
Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: OctoBot WebInterface 0.4.0beta3 - 0.4.3
No auth needed
Prerequisites: Network access to the target OctoBot instance · Target must be running a vulnerable version of OctoBot WebInterface
Analyzed by devstral-2 on Feb 16, 2026

References (6)

Vendor Advisory (x_refsource_misc)
https://www.octobot.online/
Exploit, Third Party Advisory (x_refsource_misc)
https://github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle
Exploit, Third Party Advisory (x_refsource_misc)
https://github.com/Drakkar-Software/OctoBot/issues/1966

Scores

CVSS v3: 9.8
EPSS: 0.4954
EPSS Percentile: 97.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (2)
octobot/octobot < 0.4.4
pypi/OctoBot 0 - 0.4.4 (PyPI)
Published: Jul 16, 2022
Tracked Since: Feb 18, 2026