CVE-2022-36640

Name: CVE-2022-36640
Creator: NVD / NIST
Published: 2022-09-02T21:15:16.427+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.93%

Last modified Jun 17, 2026

CVE-2022-36640 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. EPSS estimates a 1.93% chance of exploitation in the next 30 days.

Description

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.93%

77.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-276

Affected Software

Vendor	Product	Versions
Influxdata	Influxdb	< 1.8.0

References

http://influxdata.comProduct
http://influxdb.comProduct
http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docxBroken Link
https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.debPatch, Vendor Advisory
https://portal.influxdata.com/downloads/Patch, Product
https://www.influxdata.com/Product
http://influxdata.comProduct
http://influxdb.comProduct
http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docxBroken Link
https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.debPatch, Vendor Advisory
https://portal.influxdata.com/downloads/Patch, Product
https://www.influxdata.com/Product

Timeline

Published: Sep 2, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-36640?

How severe is CVE-2022-36640?

CVE-2022-36640 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.93% probability of exploitation in the next 30 days.

How do I fix CVE-2022-36640?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-36640?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST