CVE-2022-24082

CRITICAL

Pega Infinity 8.1.0-8.7.3 - Remote Code Execution via JMX Interface Deserialization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24082. PoCs published by Marcin Wolak.

AI-analyzed exploit summary This exploit leverages CVE-2022-24082 to achieve RCE on Pega Platform by exploiting JMX/RMI services. It uses the MOGWAI LABS JMX Exploitation Toolkit (mjet) to install a malicious MBean and execute arbitrary commands.

Description

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.

Exploits (1)

exploitdb WORKING POC
by Marcin Wolak · textwebappsmultiple
https://www.exploit-db.com/exploits/51099

This exploit leverages CVE-2022-24082 to achieve RCE on Pega Platform by exploiting JMX/RMI services. It uses the MOGWAI LABS JMX Exploitation Toolkit (mjet) to install a malicious MBean and execute arbitrary commands.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Pega Platform 8.1.0 to 8.3.7
No auth needed
Prerequisites: Network access to RMI registry (port 9999) · JVM and jython installed · MOGWAI LABS JMX Exploitation Toolkit (mjet) · HTTP server to serve payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0911
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (1)
pega/infinity 8.1.0 - 8.7.3
Published Jul 19, 2022
Tracked Since Feb 18, 2026