CVE-2021-36808
MEDIUM
Sophos Secure Workspace < 9.7.3115 - Local Password Bypass via Race Condition
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-36808. PoCs published by ctuIhu.
AI-analyzed exploit summary
The exploit leverages a race condition in Sophos Secure Workspace for Android to bypass the app password. It rapidly switches between the app's MainActivity and the home screen to trigger the vulnerability.
Description
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
Exploits (1)
nomisec
WORKING POC
by ctuIhu · poc
https://github.com/ctuIhu/CVE-2021-36808
Classification
Working PoC 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Racy
Target:
Sophos Secure Workspace for Android before version 9.7.3115
No auth needed
Prerequisites:
ADB access to the target Android device · Sophos Secure Workspace installed and running
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.sophos.com/en-us/security-advisories/sophos-sa-20211029-ssw-pw-bypass
Scores
CVSS v3
5.9
EPSS
0.0002
EPSS Percentile
5.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-362
Status
published
Products (1)
sophos/sophos_secure_workspace
< 9.7.3115
Published
Oct 30, 2021
Tracked Since
Feb 18, 2026