CVE-2022-36127

High

Published: 18 July 2022

Modified: 10 December 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0516 (90.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-36127 is a high-severity vulnerability, with an unspecified weakness type, in the Apache SkyWalking NodeJS Agent. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 9.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2022-36127 resides in Apache SkyWalking NodeJS Agent versions prior to 0.5.1. When the Observability Analysis Platform (OAP) is unhealthy and the agent cannot establish a connection, affected NodeJS services become unavailable, producing a CVSS 7.5 impact strictly on availability.

An unauthenticated network attacker can trigger the condition by preventing the agent from reaching a healthy OAP instance, resulting in denial of service to the instrumented NodeJS application without any privileges or user interaction required.

Public advisories and patch information are available in the referenced Apache mailing-list threads and OpenWall oss-security postings, which document the fix released in version 0.5.1.

The associated EPSS score has remained flat at 0.0516 with no material rise after disclosure.

EU & UK References

Vulnerability details

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and the NodeJS agent can't establish the connection.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apache
skywalking nodejs agent
≤ 0.5.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References