Server-Side Request Forgery Vulnerability in GREENmod by Nomios
CVE-2026-5131

6.9MEDIUM

Key Information:

Vendor: NomiOS Poland
Status: Greenmod
Vendor: CVE Published:; 17 April 2026

🔔 Create NomiOS Poland Vulnerability Alert

What is CVE-2026-5131?

GREENmod utilizes named pipes for communication between its various plugins, the web portal, and system service. However, due to improperly configured access control lists for these named pipes, an attacker can exploit this vulnerability. This exploitation allows for unauthorized communication with the named pipe stream, enabling the upload of any XML or JSON file. Once uploaded, the content is processed with the service's operating user privileges. This flaw permits Server-Side Request Forgery attacks against any Windows system where the GREENmod agent is installed, specifically impacting systems that communicate via SMB or WebDav protocols. A fix was introduced in version 2.8.33.

Affected Version(s)

GREENmod 0 < 2.8.33

References

https://www.nomios.pl/greenmod/

product

https://cert.pl/posts/2026/04/CVE-2026-5131

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Mar 30, 2026

Credit

Marcin Ressel

CVE-2026-5131 Data

JSON