CVE-2024-27348

CRITICAL KEV NUCLEI

Apache HugeGraph-Server - Remote Command Execution

Title source: nuclei

Exploitation Summary

CVE-2024-27348 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added September 18, 2024). EIP tracks 9 public exploits, from researchers including Yesith Alvarez, Zeyad-Azima and kljunowsky, among them the Metasploit module exploits/linux/http/apache_hugegraph_gremlin_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit leverages a Gremlin query injection vulnerability in the unauthenticated /gremlin endpoint of Apache HugeGraph Server to execute arbitrary commands, resulting in a reverse shell. The payload uses Java reflection to spawn a ProcessBuilder running a bash reverse shell command.

Description

Remote Command Execution (RCE) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server from 1.0.0 before 1.3.0 on Java 8 and Java 11. Users are recommended to upgrade to version 1.3.0 with Java 11 and enable the Auth system, which fixes the issue.
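Before reaching for any of the PoCs below, a defender usually wants a non-destructive answer to one question: does this HugeGraph-Server evaluate Gremlin without credentials, or is the Auth system the description recommends actually enforced? The script below is an added example written for this page; it is not Apache HugeGraph's code and not taken from any PoC listed here. It assumes the REST API listens on port 8080, that the endpoint is POST /gremlin, and that it speaks the TinkerPop Gremlin Server HTTP JSON format; none of that is stated on this page. The probe only evaluates the expression 1 + 1 and never touches the sandbox.

```python
"""Triage probe: is a HugeGraph-Server's Gremlin endpoint reachable without authentication?

Added example for this page; not code from Apache HugeGraph or from any PoC listed above.
Assumptions (not stated on the page): the REST API is on http://host:8080, the endpoint is
POST /gremlin, and it uses the TinkerPop Gremlin Server HTTP format, i.e. a JSON request
{"gremlin": ..., "bindings": ..., "language": "gremlin-groovy"} answered by
{"status": {"code": ...}, "result": {"data": [...]}}.  The probe evaluates "1 + 1" only;
it runs no command and does not touch the sandbox.
"""
import json
import urllib.error
import urllib.request

PROBE_SCRIPT = "1 + 1"   # benign Groovy; an open endpoint evaluates it and returns [2]


def build_probe() -> bytes:
    """Request body in the TinkerPop HTTP shape (assumed, see module docstring)."""
    body = {"gremlin": PROBE_SCRIPT, "bindings": {}, "language": "gremlin-groovy", "aliases": {}}
    return json.dumps(body).encode()


def _untype(obj):
    """Strip GraphSON 3 typing ({"@type": ..., "@value": ...}) so both serializer
    flavours compare the same way; untyped JSON passes through unchanged."""
    if isinstance(obj, dict):
        if set(obj) == {"@type", "@value"}:
            return _untype(obj["@value"])
        return {k: _untype(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_untype(v) for v in obj]
    return obj


def classify_response(status: int, body: bytes) -> str:
    """Map the HTTP reply to /gremlin onto a triage verdict."""
    if status in (401, 403):
        return "auth-required"            # Auth system (or a fronting proxy) is enforcing
    if status == 404:
        return "no-gremlin-endpoint"
    if status != 200:
        return "unknown"
    try:
        doc = _untype(json.loads(body))
    except ValueError:
        return "unknown"                  # not JSON: probably not HugeGraph at all
    result = doc.get("result") if isinstance(doc, dict) else None
    data = result.get("data") if isinstance(result, dict) else None
    if data == [2]:
        return "unauthenticated-gremlin-exposed"   # Groovy ran with no credentials
    return "unknown"


def probe(base_url: str, timeout: float = 5.0) -> str:
    """Send the probe and classify the answer; network errors become 'unreachable'."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/gremlin",
        data=build_probe(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        return classify_response(e.code, e.read())
    except (urllib.error.URLError, OSError):
        return "unreachable"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080"  # assumed default port
    print(target, "->", probe(target))
```

A verdict of unauthenticated-gremlin-exposed on a version below 1.3.0 is the condition every exploit on this page needs; auth-required on a patched build is the state the description asks for. The typed/untyped handling matters because the same server can answer in either GraphSON flavour depending on the Accept header and TinkerPop version, and a naive equality check against [2] would miss the typed form.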

Exploits (9)

exploitdb · WORKING POC
by Yesith Alvarez · python · webapps · java
https://www.exploit-db.com/exploits/52149

This exploit leverages a Gremlin query injection vulnerability in Apache HugeGraph Server to execute arbitrary commands, resulting in a reverse shell. The payload uses Java reflection to spawn a ProcessBuilder running a bash reverse shell command.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server 1.0.0 - 1.2.0
No auth needed
Prerequisites: Network access to the target server · A listener set up on the attacker's machine
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 61 stars
by Zeyad-Azima · remote
https://github.com/Zeyad-Azima/CVE-2024-27348

This repository contains a Python-based scanner and exploit for CVE-2024-27348, an RCE vulnerability in Apache HugeGraph Server versions from 1.0.0 before 1.3.0. The exploit leverages Gremlin query injection to execute arbitrary commands (ping, curl, wget, host) via Java reflection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server from 1.0.0 before 1.3.0
No auth needed
Prerequisites: Network access to the Gremlin endpoint · Target running vulnerable HugeGraph version
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 18 stars
by kljunowsky · remote
https://github.com/kljunowsky/CVE-2024-27348

This is a functional proof-of-concept exploit for CVE-2024-27348, demonstrating unauthenticated remote code execution in Apache HugeGraph Server via Groovy injection. The exploit sends crafted JSON payloads to the '/gremlin' endpoint, leveraging reflection to execute arbitrary OS commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server
No auth needed
Prerequisites: Network access to the target server · Apache HugeGraph Server with vulnerable '/gremlin' endpoint exposed
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 4 stars
by jakabakos · remote
https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE

This repository contains a functional proof-of-concept exploit for CVE-2024-27348, a critical RCE vulnerability in Apache HugeGraph Server. The exploit uses a Gremlin (Groovy) script to bypass the sandbox restrictions and execute arbitrary commands via Java reflection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server versions 1.0.0 to 1.2.0
No auth needed
Prerequisites: Network access to the Gremlin endpoint · Target running vulnerable HugeGraph Server version
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by akelaqe · remote
https://github.com/akelaqe/CVE-2024-27348-HugeGraph-RCE

This repository contains a functional exploit for CVE-2024-27348, targeting Apache HugeGraph Server. The exploit leverages Java Reflection to bypass the HugeSecurityManager sandbox and executes arbitrary commands via ProcessBuilder, providing reliable RCE with output capture.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server (versions prior to patching)
No auth needed
Prerequisites: Python 3.x · requests library · access to the Gremlin API endpoint
devstral-2 · analyzed Apr 09, 2026
nomisec WORKING POC
by wqfh · poc
https://github.com/wqfh/CVE-2024-27348

This repository contains a functional exploit for CVE-2024-27348, targeting Apache HugeGraph-Server via Gremlin query injection to deploy a PHP web shell. It includes both an exploit script and a bind shell client for interactive command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph-Server before 1.3.0 (the "≤ 3.7.1" in the original analysis matches no HugeGraph-Server release; the CVE description gives from 1.0.0 before 1.3.0)
No auth needed
Prerequisites: Python 3.7+ · Target running a vulnerable Apache HugeGraph-Server · PHP installed on the target
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by p0et08 · remote
https://github.com/p0et08/CVE-2024-27348

This repository contains a functional proof-of-concept exploit for CVE-2024-27348, a remote code execution vulnerability in Apache HugeGraph Server. The exploit leverages Gremlin query injection to execute arbitrary commands on the target system via Java reflection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server (versions up to 1.2.0)
No auth needed
Prerequisites: Network access to the HugeGraph Server Gremlin endpoint · Python environment with 'requests' library
devstral-2 · analyzed Feb 16, 2026
vulncheck_xdb WORKING POC
remote
https://github.com/wqfh/MasterOfTheIndestry

This repository contains functional exploit code for CVE-2024-27348, targeting Apache HugeGraph-Server via Gremlin query injection to achieve remote code execution. It includes both an exploit script to deploy a PHP web shell and a bind shell client for interaction.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph-Server before 1.3.0 (the "≤ 3.7.1" in the original analysis matches no HugeGraph-Server release; the CVE description gives from 1.0.0 before 1.3.0)
No auth needed
Prerequisites: Python 3.7+ · Target running a vulnerable Apache HugeGraph-Server · PHP installed on the target
devstral-2 · analyzed Feb 25, 2026
metasploit · WORKING POC · EXCELLENT
by 6right, jheysel-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb

This Metasploit module exploits CVE-2024-27348, a Remote Code Execution (RCE) vulnerability in Apache HugeGraph Server versions before 1.3.0. It bypasses sandbox restrictions via Gremlin to execute arbitrary commands on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HugeGraph Server < 1.3.0
No auth needed
Prerequisites: Network access to the target server · Gremlin endpoint exposed
devstral-2 · analyzed Feb 16, 2026
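Every entry above describes the same mechanism: a Groovy script posted to /gremlin that uses Java reflection to get past the HugeSecurityManager sandbox and then starts a ProcessBuilder (a bash reverse shell, a PHP web shell, or a plain command). That gives a detection engineer something concrete to match on while a patch is pending. The script below is an added example for this page, not code from Apache HugeGraph or from any of the PoCs. It assumes a reverse proxy or WAF in front of HugeGraph that logs request bodies as JSON lines (the sample log is constructed here; HugeGraph's own access log does not record bodies), and its indicators are generic Java reflection and process APIs plus shell paths, not any particular payload.

```python
"""Detection: flag /gremlin requests carrying the Java reflection and process-spawning
primitives an injected script needs (the mechanism every PoC on this page describes).

Added example; not code from any of the PoCs or from Apache HugeGraph.  Assumes a reverse
proxy / WAF that logs request bodies as JSON lines (SAMPLE_LOG below is constructed).
"""
import json
from urllib.parse import parse_qs, urlsplit

# weight per indicator; an ordinary traversal (g.V()..., g.E()...) references none of these
INDICATORS = {
    "ProcessBuilder": 5, "Runtime.getRuntime": 5,
    "/bin/bash": 4, "/bin/sh": 4,
    "java.lang.reflect": 3, "getDeclaredField": 3, "getDeclaredMethod": 3,
    "setAccessible": 3, "Class.forName": 3,
    "Thread.currentThread": 2, "SecurityManager": 2,
}
THRESHOLD = 5   # one process primitive is enough; reflection alone has to stack up


def extract_script(record: dict) -> str:
    """Return the Gremlin script text (plus any bindings) from a logged request, or ''."""
    parts = urlsplit(record.get("path", ""))
    if parts.path != "/gremlin":
        return ""
    if record.get("method") == "GET":                  # TinkerPop also accepts ?gremlin=
        return " ".join(parse_qs(parts.query).get("gremlin", []))
    if record.get("method") == "POST":
        raw = record.get("body") or ""
        try:
            body = json.loads(raw)
        except ValueError:
            return raw                                 # unparsable body: scan it raw
        if not isinstance(body, dict):
            return raw
        pieces = [str(body.get("gremlin", ""))]
        pieces += [str(v) for v in (body.get("bindings") or {}).values()]
        return " ".join(pieces)
    return ""


def score_script(script: str):
    """Sum indicator weights; returns (score, sorted indicator names)."""
    hits = sorted(k for k in INDICATORS if k in script)
    return sum(INDICATORS[k] for k in hits), hits


def inspect_request(record: dict):
    """Alert dict for a suspicious request, None otherwise."""
    script = extract_script(record)
    if not script:
        return None
    score, hits = score_script(script)
    if score < THRESHOLD:
        return None
    return {"rule": "hugegraph-gremlin-reflection", "ts": record.get("ts"),
            "src": record.get("src"), "score": score, "indicators": hits}


def scan(lines):
    """Run inspect_request over JSON-lines log text; malformed lines are skipped."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        alert = inspect_request(rec)
        if alert:
            alerts.append(alert)
    return alerts


def _rec(ts, src, method, path, body=None):
    """One constructed proxy log line (JSON; body is the raw request body string)."""
    return json.dumps({"ts": ts, "src": src, "method": method, "path": path,
                       "body": None if body is None else json.dumps(body)})


# constructed sample log: two benign requests, one under threshold, two that should alert
SAMPLE_LOG = [
    _rec("2024-09-18T10:00:01Z", "10.0.0.5", "POST", "/gremlin",
         {"gremlin": "g.V().hasLabel('person').limit(5)", "bindings": {}, "language": "gremlin-groovy"}),
    _rec("2024-09-18T10:00:02Z", "10.0.0.5", "POST", "/graphs/hugegraph/schema/vertexlabels",
         {"name": "person"}),
    _rec("2024-09-18T10:00:03Z", "10.0.0.9", "POST", "/gremlin",
         {"gremlin": "Class.forName('java.util.Date')", "bindings": {}, "language": "gremlin-groovy"}),
    _rec("2024-09-18T10:01:07Z", "203.0.113.7", "POST", "/gremlin",
         {"gremlin": "def f = Thread.class.getDeclaredField('name'); f.setAccessible(true); "
                     "new ProcessBuilder('/bin/bash', '-c', 'id').start()",
          "bindings": {}, "language": "gremlin-groovy"}),
    _rec("2024-09-18T10:01:09Z", "203.0.113.7", "GET",
         "/gremlin?gremlin=Runtime.getRuntime%28%29.exec%28%27id%27%29"),
]


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(json.dumps(a))
```

Substring indicators are a stop-gap: Groovy lets an attacker assemble "Process" + "Builder" at runtime, so this rule catches the published PoCs and low-effort variants, not a determined adversary. The durable fix is the one in the description (upgrade to 1.3.0 and enable the Auth system); pair the rule with an alert on any outbound connection from the HugeGraph host, which is what the reverse-shell payloads need regardless of how the script is obfuscated.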

Nuclei Templates (1)

Apache HugeGraph-Server - Remote Command Execution
HIGH · VERIFIED · by DhiyaneshDK
Shodan: title:"HugeGraph"
FOFA: title="HugeGraph"

Scores

CVSS v3 9.8
EPSS 0.9434
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-09-18
VulnCheck KEV 2024-07-15
InTheWild.io 2024-09-18
ENISA EUVD EUVD-2024-1059
CWE
CWE-284
Status published
Products (3)
apache/hugegraph 1.0.0 - 1.3.0 (upper bound exclusive)
org.apache.hugegraph/hugegraph-api 1.0.0 - 1.3.0 (upper bound exclusive) · Maven
org.apache.hugegraph/hugegraph-core 1.0.0 - 1.3.0 (upper bound exclusive) · Maven
Published Apr 22, 2024
KEV Added Sep 18, 2024
Tracked Since Feb 18, 2026