CVE-2020-36911 PUBLISHED

Covenant 0.5 - Remote Code Execution (RCE)

Assigner: VulnCheck
Reserved: 03.01.2026 Published: 13.01.2026 Updated: 05.03.2026

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor: Cobbr
Product: Covenant
Versions:
  • affected from 0.1.3 to 0.5 (incl.)

Credits

  • coastal finder

Problem Types

  • Use of Hard-coded Credentials (CWE)