Critical severity9.8NVD Advisory· Published Jun 27, 2024· Updated Apr 15, 2026

CVE-2024-6127

Description

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.

Patches

e73e88340b14

https://github.com/BC-SECURITY/Empirevia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

aceresponder.com/blog/exploiting-empire-c2-frameworknvd
github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.mdnvd
vulncheck.com/advisories/empire-unauth-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.053
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000