CVE-2021-36798

HIGH

HelpSystems Cobalt Strike 4.2-4.3 - Denial of Service via Team Server Thread Crash

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-36798. PoCs published by JamVayne, M-Kings, sponkmonk.

Description

A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.

Exploits (3)

nomisec WORKING POC 103 stars
by JamVayne · poc
https://github.com/JamVayne/CobaltStrikeDos

This repository contains a functional Python-based exploit for CVE-2021-36798, targeting Cobalt Strike servers with a denial-of-service (DoS) attack. The exploit leverages malleable profile transformations and beacon metadata manipulation to flood the server with crafted requests.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Cobalt Strike (versions 4.0 and above)
No auth needed
Prerequisites: Network access to the Cobalt Strike server · Python environment with required dependencies (M2Crypto, pefile, etc.)
mistral-large-3 · analyzed Feb 18, 2026

nomisec WORKING POC 37 stars
by M-Kings · poc
https://github.com/M-Kings/CVE-2021-36798

This repository contains a functional exploit PoC for CVE-2021-36798, a DoS vulnerability in Cobalt Strike < 4.3. The script fetches beacon configurations from a C2 server and registers a beacon to trigger the vulnerability.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Cobalt Strike < 4.3
No auth needed
Prerequisites: Access to a Cobalt Strike C2 server URL
mistral-large-3 · analyzed Feb 18, 2026

nomisec WORKING POC
by sponkmonk · poc
https://github.com/sponkmonk/CobaltSploit

This repository contains a functional exploit for CVE-2021-36798, targeting Cobalt Strike Team Servers. It uses Shodan API to identify potential targets and spams them with crafted requests to exploit the vulnerability.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Cobalt Strike Team Server
No auth needed
Prerequisites: Shodan API key · List of target IPs or domains
mistral-large-3 · analyzed Feb 18, 2026

References (2)

Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.cobaltstrike.com/releasenotes.txt

Scores

CVSS v3: 7.5
EPSS: 0.0429
EPSS Percentile: 89.9%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-770
Status: published
Products (2):
helpsystems/cobalt_strike 4.2
helpsystems/cobalt_strike 4.3
Published: Aug 09, 2021
Tracked Since: Feb 18, 2026