CVE-2022-28108

HIGH

Selenium Grid < 4.0.0 - Cross-Site Request Forgery via Non-JSON Content Types

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-28108. PoCs published by ZeroEthical, Jon Stratton, Takahiro Yokoyama, randomstuff (Gabriel Corona), Wiz Research, Takahiro Yokoyama, including Metasploit module exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.

AI-analyzed exploit summary This repository contains a modified Metasploit module for CVE-2022-28108, which exploits a CSRF vulnerability in Selenium Server (Grid) versions prior to 4.0.0-alpha-7. The exploit leverages non-JSON content types to achieve Remote Code Execution (RCE) and includes additional post-exploitation features.

Description

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.

Exploits (3)

nomisec WORKING POC
by ZeroEthical · poc
https://github.com/ZeroEthical/CVE-2022-28108

This repository contains a modified Metasploit module for CVE-2022-28108, which exploits a CSRF vulnerability in Selenium Server (Grid) versions prior to 4.0.0-alpha-7. The exploit leverages non-JSON content types to achieve Remote Code Execution (RCE) and includes additional post-exploitation features.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Selenium Server (Grid) < 4.0.0-alpha-7
No auth needed
Prerequisites: Vulnerable Selenium Server instance · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Jon Stratton, Takahiro Yokoyama · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb

This Metasploit module exploits CVE-2022-28108, a CSRF vulnerability in Selenium Grid <= 4.27.0, by creating a malicious Firefox profile to achieve remote code execution (RCE) on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Selenium Grid <= 4.27.0
No auth needed
Prerequisites: Access to the Selenium Grid server on port 4444 · Firefox browser configured in the Selenium Grid
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by randomstuff (Gabriel Corona), Wiz Research, Takahiro Yokoyama · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb

This Metasploit module exploits CVE-2022-28108, a CSRF vulnerability in Selenium Server (Grid) before 4.0.0-alpha-7, allowing remote command execution via maliciously crafted session creation requests. The exploit leverages the 'goog:chromeOptions' parameter to execute arbitrary commands through Python.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Selenium Server (Grid) before 4.0.0-alpha-7
No auth needed
Prerequisites: Target must be running a vulnerable version of Selenium Server (Grid) · Network access to the Selenium Server (Grid) on port 4444
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List, Not Applicable, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2022/02/07/3
Product, Vendor Advisory x_refsource_misc
https://www.selenium.dev/downloads/

Scores

CVSS v3 8.8
EPSS 0.2237
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (4)
org.seleniumhq.selenium/selenium-grid 0 - 4.0.0-alpha-7Maven
org.seleniumhq.selenium/selenium-server 0Maven
selenium/selenium_grid 4.0.0 (7 CPE variants)
selenium/selenium_grid < 4.0.0
Published Apr 19, 2022
Tracked Since Feb 18, 2026