Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml_9249226C-A7B2-58E2-8CE2-1026EA47A077 -...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

yaml-payload Exploit payload JAR for demonstrating CVE-2022-1471 SnakeYAML arbitrary code execution. When loaded via SnakeYAML's !! type tag deserialization, this JAR opens Calculator on macOS as proof of Remote Code Execution. Usage Paste into any...

Visit Original Source

Basic Information

ID 9249226C-A7B2-58E2-8CE2-1026EA47A077

Published Feb 5, 2026 at 22:06

{
    "lastseen": "2026-02-05T22:13:57",
    "description": "yaml-payload Exploit payload JAR for demonstrating CVE-2022-1471 SnakeYAML arbitrary code execution. When loaded via SnakeYAML's !! type tag deserialization, this JAR opens Calculator on macOS as proof of Remote Code Execution. Usage Paste into any...",
    "published": "2026-02-05T22:06:07",
    "modified": "2026-02-05T22:06:13",
    "type": "githubexploit",
    "title": "Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml",
    "source": "",
    "references": "",
    "id": "9249226C-A7B2-58E2-8CE2-1026EA47A077",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2022-1471"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://github.com/seal-sec-demo-2/yaml-payload",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply