This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00162.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Bitrix24 Subscribe
Bitrix24 Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Bitrix24 Subscribe
Bitrix24 Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Fri, 16 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Fri, 16 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Title Bitrix24 - Remote Code Execution (RCE) (Authenticated)
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Bitrix24 contains an authenticated remote code execution vulnerability that allows logged-in attackers to execute arbitrary system commands through the PHP command line admin interface. Attackers can leverage the vulnerability by sending crafted POST requests to the administrative endpoint with system commands to execute code with the web application's privileges. This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

 cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Wed, 14 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Jan 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Bitrix24
Bitrix24 bitrix24
Vendors & Products Bitrix24
Bitrix24 bitrix24

Tue, 13 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description Bitrix24 contains an authenticated remote code execution vulnerability that allows logged-in attackers to execute arbitrary system commands through the PHP command line admin interface. Attackers can leverage the vulnerability by sending crafted POST requests to the administrative endpoint with system commands to execute code with the web application's privileges.
Title Bitrix24 - Remote Code Execution (RCE) (Authenticated)
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: REJECTED

Assigner: VulnCheck

Published:

Updated: 2026-01-16T14:31:21.289Z

Reserved: 2026-01-11T13:14:18.876Z

Link: CVE-2022-50911

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2026-01-13T23:15:54.173

Modified: 2026-01-16T15:15:50.440

Link: CVE-2022-50911

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-01-14T10:49:27Z

Weaknesses

No weakness.