CVE-2022-36934

CRITICAL

WhatsApp < 2.22.16.12 - Remote Code Execution via Integer Overflow in Video Call

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-36934. PoCs published by tdawg506, Teexo.

AI-analyzed exploit summary: This repository contains a Metasploit module for exploiting CVE-2022-36934, an authentication bypass vulnerability in MailEnable leading to remote code execution. The exploit targets improper input sanitization in SMTP/POP3 and supports both x86 and x64 Windows targets.

Description

An integer overflow in WhatsApp could result in remote code execution in an established video call.

Exploits (2)

nomisec WORKING POC
by tdawg506 · poc
https://github.com/tdawg506/mailenable-cve-2022-36934

This repository contains a Metasploit module for exploiting CVE-2022-36934, an authentication bypass vulnerability in MailEnable leading to remote code execution. The exploit targets improper input sanitization in SMTP/POP3 and supports both x86 and x64 Windows targets.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MailEnable versions < 10.40
No auth needed
Prerequisites: Network access to SMTP/POP3 ports (25/110) · Metasploit framework
devstral-2 · analyzed May 18, 2026

nomisec WORKING POC
by Teexo · poc
https://github.com/Teexo/mailenable-cve-2022-36934

This repository contains a Metasploit module for exploiting CVE-2022-36934, an authentication bypass vulnerability in MailEnable leading to remote code execution. The exploit leverages improper input sanitization in SMTP/POP3 services and supports both x86 and x64 Windows targets.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MailEnable versions < 10.40
No auth needed
Prerequisites: Network access to SMTP/POP3 ports (25/110) · Target running vulnerable MailEnable version
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.whatsapp.com/security/advisories/2022/

Scores

CVSS v3: 9.8
EPSS: 0.0193
EPSS Percentile: 77.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-122, CWE-190
Status: published
Products (2)
whatsapp/whatsapp < 2.22.16.12 (2 CPE variants)
whatsapp/whatsapp_business < 2.22.16.12 (2 CPE variants)
Published: Sep 22, 2022
Tracked Since: Feb 18, 2026