CVE-2022-1681

⚠️ high

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions

CVSS Score

7.2

High

EPSS Score

0.3

Exploit Probability

Published Date

2022-05-12

First Seen: 2026-01-05

This CVE is Moderate Risk - more severe than 55.5% of all 326,604 vulnerabilities in our database.

#145,309

Above average severity

Severity Percentile

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-288 CWE-287

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
requarks	wiki.js	Affected	< 2.5.281

Patch Third Party Advisory

Exploit Third Party Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-44224	⚠️ high	8.8	0.1	Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbi...	2026-05-12
CVE-2025-56643	⛔ critical	9.1	0.1	Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, pre...	2025-11-18
CVE-2022-23654	⚠️ high	8.1	0.2	Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set...	2022-02-22
CVE-2021-25993	🔶 medium	5.4	0.2	In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged...	2021-12-29
CVE-2021-43855	⚠️ high	8.2	0.4	Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through...	2021-12-27
CVE-2021-43856	⚠️ high	8.2	0.4	Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through...	2021-12-27

These CVEs affect the same products