CVE-2020-36911

Covenant 0.5 - Remote Code Execution (RCE)

Description

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.

INFO

Published Date :

2026-01-13T22:51:37.380Z

Last Modified :

2026-03-05T01:26:55.652Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2020-36911 vulnerability.

Vendors	Products
Cobbr	Covenant

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-36911.

URL	Resource
https://cobbr.io/Covenant.html
https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb
https://github.com/cobbr/Covenant
https://web.archive.org/web/20201013165001/https://twitter.com/cobbr_io/status/1316058367161401344
https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters
https://www.exploit-db.com/exploits/51141
https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce