CVE-2022-46164

CRITICAL

NodeBB < 2.6.1 - Account Takeover via Prototype Pollution in Socket.IO Message Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-46164, a PoC published by stephenbradshaw.

AI-analyzed exploit summary: This PoC exploits CVE-2022-46164, an authentication bypass vulnerability in NodeBB, by manipulating socket.io sessions to escalate privileges to admin and retrieve API tokens. It demonstrates the vulnerability by sending crafted socket.io messages to achieve privilege escalation.

Description

NodeBB is an open source Node.js based forum software. Because a plain object with a prototype is used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the vulnerability.

Exploits (1)

nomisec · WORKING POC · 12 stars
by stephenbradshaw · poc
https://github.com/stephenbradshaw/CVE-2022-46164-poc


Classification: Working PoC (95% confidence)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: NodeBB (version not specified)
Authentication: No auth needed
Prerequisites: Network access to the target NodeBB instance · Socket.io endpoint accessibility
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Scores

CVSS v3: 9.4
EPSS: 0.5684
EPSS Percentile: 98.2%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-665 (Improper Initialization)
Status: published
Products (2):
nodebb/nodebb < 2.6.1
npm/nodebb 0 - 2.6.1 (npm)
Published: Dec 05, 2022
Tracked Since: Feb 18, 2026