Cyber Resilience

CVE-2024-44722

CriticalRCE

Published: 20 March 2026

Published
20 March 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0050 39.2th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2024-44722 is a critical-severity Code Injection (CWE-94) vulnerability in Anolis Sysak. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-44722 is a critical command injection vulnerability (CWE-94) affecting SysAK versions v2.0 and earlier, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw enables arbitrary command execution through malicious input, such as "aaa;cat /etc/passwd", in this open-source system analysis and kernel troubleshooting tool developed by Anolis OS.

An unauthenticated attacker with network access can exploit the vulnerability with low complexity and no user interaction required. Successful exploitation grants high-impact privileges, allowing full compromise of confidentiality, integrity, and availability on affected systems, such as reading sensitive files or executing arbitrary code remotely.

Advisories and additional details are available at https://gist.github.com/0x00dream2/9984c109101c0b1e352f8ee9ad5e40fe#file-cve-2024-44722, while the SysAK project repository at https://gitee.com/anolis/sysak provides information on patches and updates for mitigation.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Remote unauthenticated command injection RCE in network-accessible SysAK tool directly enables T1190 exploitation and T1059.004 Unix shell arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26830Shared CWE-94
CVE-2024-54804Shared CWE-94
CVE-2025-67038Shared CWE-94
CVE-2024-54806Shared CWE-94
CVE-2024-36057Shared CWE-94
CVE-2026-25001Shared CWE-94
CVE-2025-26003Shared CWE-94
CVE-2024-23921Shared CWE-94
CVE-2026-30305Shared CWE-94
CVE-2024-54805Shared CWE-94

Affected Assets

anolis
sysak
≤ 2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-44722 by identifying, reporting, and correcting the command injection flaw through timely patching as available in the SysAK repository.

prevent

Prevents arbitrary command execution by implementing input validation mechanisms at entry points to reject malicious payloads like 'aaa;cat /etc/passwd'.

prevent

Reduces the impact of successful exploitation by enforcing least privilege on the SysAK tool, limiting privileges available for injected commands.

References