CVE-2022-4116
Published: 22 November 2022
Summary
CVE-2022-4116 is a critical-severity vulnerability of an unspecified weakness type in Quarkus. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 13.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A vulnerability was identified in the Quarkus Dev UI Config Editor that permits drive-by localhost attacks resulting in remote code execution. The flaw affects the Quarkus framework and carries a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation that requires neither authentication nor user interaction.
Because the attack vector is drive-by localhost, an attacker does not need direct network access to the development interface: it is sufficient that the interface is reachable from a browser on the affected host, which allows arbitrary code execution on that host with full confidentiality, integrity, and availability impact.
EPSS for the CVE rose from low values to a peak of 0.1890 on 2025-12-11 before receding to the current 0.0290, indicating a period of increased exploitation interest after disclosure that later subsided. Red Hat advisory pages reference the issue but supply no additional mitigation details in the available records.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-7338
Vulnerability details
A vulnerability was found in Quarkus. This security flaw is in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.