CVE-2024-23741

CRITICAL

Hyper < 3.4.1 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23741. PoCs published by giovannipajeu1.

AI-analyzed exploit summary The repository provides a technical writeup for CVE-2024-23741, detailing how a remote attacker can execute arbitrary code in Hyper (macOS) via misconfigured Node.js settings. It references the 'electroniz3r' tool for vulnerability validation and includes screenshots of the exploitation process.

Description

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Exploits (1)

nomisec WRITEUP
by giovannipajeu1 · poc
https://github.com/giovannipajeu1/CVE-2024-23741

The repository provides a technical writeup for CVE-2024-23741, detailing how a remote attacker can execute arbitrary code in Hyper (macOS) via misconfigured Node.js settings. It references the 'electroniz3r' tool for vulnerability validation and includes screenshots of the exploitation process.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Hyper through 3.4.1 on macOS
No auth needed
Prerequisites: Access to the target system's Hyper application · Misconfigured 'RunAsNode' and 'enableNodeClilnspectArguments' settings
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0157
EPSS Percentile 72.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
vercel/hyper < 3.4.1
Published Jan 28, 2024
Tracked Since Feb 18, 2026