CVE-2022-1471

HIGH LAB

PyTorch Model Server Registration and Deserialization RCE

Title source: metasploit

Exploitation Summary

EIP tracks 7 public exploits for CVE-2022-1471. Published PoCs include those by 1fabunicorn, JAckLosingHeart and falconkei, as well as the Metasploit module exploits/multi/http/torchserver_cve_2023_43654.

AI-analyzed exploit summary: This PoC demonstrates CVE-2022-1471, a deserialization vulnerability in SnakeYAML 1.33, allowing arbitrary code execution via crafted YAML input. The exploit triggers a network request to a controlled server, proving the vulnerability.

Description

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Exploits (7)

nomisec WORKING POC 8 stars
by 1fabunicorn · poc
https://github.com/1fabunicorn/SnakeYAML-CVE-2022-1471-POC

This PoC demonstrates CVE-2022-1471, a deserialization vulnerability in SnakeYAML 1.33, allowing arbitrary code execution via crafted YAML input. The exploit triggers a network request to a controlled server, proving the vulnerability.

Classification: Working PoC 95%
Attack Type: Deserialization
Complexity: Trivial
Reliability: Reliable
Target: SnakeYAML 1.33
No auth needed
Prerequisites: SnakeYAML 1.33 dependency · ability to deliver malicious YAML input
devstral-2 · analyzed Feb 16, 2026

github WORKING POC 5 stars
by JAckLosingHeart · java, poc
https://github.com/JAckLosingHeart/CVE-PoC-Collection/tree/main/snakeyaml-CVE-2022-1471

This repository contains functional exploit code for multiple CVEs, including deserialization and RCE vulnerabilities in Java-based software. The PoCs are well-structured and include actual exploit code for vulnerabilities like CVE-2022-42889 (commons-text), CVE-2023-23638 (dubbo), and others.

Classification: Working PoC 95%
Attack Type: RCE | Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Apache Commons Text, Apache Dubbo, Fastjson, Jackson, Log4j, MySQL
No auth needed
Prerequisites: Java environment · vulnerable version of target software
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 4 stars
by falconkei · poc
https://github.com/falconkei/snakeyaml_cve_poc

This repository contains a proof-of-concept exploit for CVE-2022-1471, demonstrating deserialization vulnerabilities in SnakeYAML. The PoC includes a web server that serializes and deserializes YAML payloads, with instructions to trigger an HTTP GET request to an attacker-controlled server.

Classification: Working PoC 90%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: SnakeYAML (versions affected by CVE-2022-1471)
No auth needed
Prerequisites: Network access to the target server · Ability to send crafted YAML payloads
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by anupamojha-eng · poc
https://github.com/anupamojha-eng/sentinel-transitive-cve-demo

This repository demonstrates multiple CVEs, including CVE-2022-1471 (SnakeYAML deserialization RCE), CVE-2022-42003 (Jackson polymorphic deserialization), and CVE-2022-42889 (Text4Shell). It includes functional exploit code for these vulnerabilities in a Spring Boot application.

Classification: Working PoC 95%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Spring Boot applications using vulnerable versions of SnakeYAML, Jackson, and Apache Commons Text
No auth needed
Prerequisites: Network access to the target application · Ability to send crafted YAML/JSON payloads to vulnerable endpoints
devstral-2 · analyzed Jun 01, 2026

nomisec WORKING POC
by seal-sec-demo-2 · poc
https://github.com/seal-sec-demo-2/yaml-payload

This is a functional PoC for CVE-2022-1471, a SnakeYAML deserialization vulnerability. It exploits unsafe Yaml.load() to inject a Tomcat Valve or start a standalone HTTP server, replacing the target application with a 'PWNED' page.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Applications using SnakeYAML with unsafe Yaml.load() (e.g., Spring Boot)
No auth needed
Prerequisites: Target application must use SnakeYAML's unsafe Yaml.load() · Network access to load remote JAR payload
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Idan Levcovich, Guy Kaplan, Gal Elbaz, Swapneil Kumar Dash, Spencer McIntyre · ruby, poc, java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/torchserver_cve_2023_43654.rb

This Metasploit module exploits a chain of vulnerabilities in PyTorch TorchServe, including CVE-2023-43654 (SSRF in model registration) and CVE-2022-1471 (SnakeYAML deserialization RCE), to achieve unauthenticated remote code execution by registering a malicious MAR file containing a crafted YAML payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PyTorch TorchServe < 8.0.2
No auth needed
Prerequisites: Network access to the TorchServe management interface (default port 8081) · Target running a vulnerable version of TorchServe
devstral-2 · analyzed Apr 24, 2026

Scores

CVSS v3 8.3
EPSS 0.9385
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-502 CWE-20
Status published
Products (2)
org.yaml/snakeyaml 0 - 2.0 (Maven)
snakeyaml_project/snakeyaml < 2.0
Published Dec 01, 2022
Tracked Since Feb 18, 2026