CVE-2024-58287

UNKNOWN 0.0

reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration.

CWE	CWE-78
Vendor	rengine
Product	rengine
Published	Dec 11, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for rengine rengine

Be the first to know when new unknown vulnerabilities affecting rengine rengine are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

rengine / reNgine

2.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52081 rengine.wiki: https://rengine.wiki/ github.com: https://github.com/yogeshojha/rengine vulncheck.com: https://www.vulncheck.com/advisories/rengine-authenticated-command-injection-via-scan-engine-configuration

Credits

Caner Tercan