CVE-2024-23739

CRITICAL

Discord < 0.0.291 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-23739. PoCs published by giovannipajeu1.

AI-analyzed exploit summary The repository provides a technical writeup for CVE-2024-23739, detailing how Discord on macOS (up to version 0.0.291) is vulnerable to remote code execution via misconfigured Electron settings (`RunAsNode` and `enableNodeClilnspectArguments`). It references the `electroniz3r` tool for vulnerability detection and includes screenshots of the exploitation process.

Description

An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Exploits (2)

nomisec WRITEUP 3 stars

by giovannipajeu1 · poc

https://github.com/giovannipajeu1/CVE-2024-23739

View Code ZIP pw:eip

The repository provides a technical writeup for CVE-2024-23739, detailing how Discord on macOS (up to version 0.0.291) is vulnerable to remote code execution via misconfigured Electron settings (`RunAsNode` and `enableNodeClilnspectArguments`). It references the `electroniz3r` tool for vulnerability detection and includes screenshots of the exploitation process.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Discord (macOS) <= 0.0.291

No auth needed

Prerequisites: Victim interaction (e.g., opening a malicious link) · Discord application running on macOS

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

inthewild WRITEUP

poc

https://github.com/v3x0r/cve-2024-23739

View Code ZIP pw:eip

The repository provides a technical writeup for CVE-2024-23739, detailing how a remote attacker can execute arbitrary code in Discord for macOS via misconfigured Electron settings (RunAsNode and enableNodeClilnspectArguments). It references the electroniz3r tool for vulnerability detection and includes screenshots of the exploitation process.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Discord through 0.0.291 on macOS

No auth needed

Prerequisites: Access to a vulnerable Discord instance on macOS · Ability to deliver crafted payloads

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://www.electronjs.org/blog/statement-run-as-node-cves

Exploit

https://github.com/V3x0r/CVE-2024-23739

Scores

CVSS v3 9.8

EPSS 0.3577

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

Status published

Products (1)

discord/discord < 0.0.291

Published Jan 28, 2024

Tracked Since Feb 18, 2026