Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE) | Advisories

Advisories

Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE)

severity: critical
date: 1/13/2026
Affecting: Inbit Messenger <= 4.9.0
CVE: CVE-2023-54329
CWE: CWE-121 Stack-based Buffer Overflow
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51127
Archived Software Download Page
Exploit Write-Up
Credit: a-rey
Description: Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo