CVE-2022-30136

CRITICAL EXPLOITED

Windows Network File System - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2022-30136 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including fortra, AXRoux.

AI-analyzed exploit summary This PoC exploits CVE-2022-30136, a buffer overflow in Windows Network File System (NFS) due to incorrect size calculation in COMPOUND REQUEST handling. It sends crafted NFS packets to trigger the vulnerability, potentially leading to remote code execution.

Description

Windows Network File System Remote Code Execution Vulnerability

Exploits (2)

nomisec WORKING POC 14 stars

by fortra · remote

https://github.com/fortra/CVE-2022-30136

View Code ZIP pw:eip

This PoC exploits CVE-2022-30136, a buffer overflow in Windows Network File System (NFS) due to incorrect size calculation in COMPOUND REQUEST handling. It sends crafted NFS packets to trigger the vulnerability, potentially leading to remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Windows Server 2019 NFS (nfssvr.sys)

No auth needed

Prerequisites: Network access to target NFS service (port 2049) · Vulnerable Windows Server 2019 with NFS enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by AXRoux · dos

https://github.com/AXRoux/CVE-2022-30136

View Code ZIP pw:eip

This PoC exploits CVE-2022-30136, a vulnerability in Windows Network File System (NFS) that leads to a denial-of-service (DoS) condition. The exploit sends malformed NFS packets to trigger the vulnerability on affected Windows Server versions.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Windows Server 2016, 2019 (NFS service)

No auth needed

Prerequisites: Network access to the target's NFS service (port 2049)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136

Mitigation, Patch, Vendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30136

Scores

CVSS v3 9.8

EPSS 0.3778

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-05-02

Status published

Products (4)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

microsoft/windows_server_2019

Published Jun 15, 2022

Tracked Since Feb 18, 2026