Unrated severityCISA KEVNVD Advisory· Published May 31, 2024· Updated Nov 22, 2025

Rejetto HTTP File Server 2.3m Unauthenticated RCE

CVE-2024-23692

Description

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

Affected products

Rejetto/HTTP File Serverv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/mitrethird-party-advisorytechnical-description
vulncheck.com/advisories/rejetto-unauth-rcemitrethird-party-advisory
github.com/rapid7/metasploit-framework/pull/19240mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000