CVE-2022-1040

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 5 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

94.44%

probability

This CVE has a 94.44% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Authentication bypass allowing RCE

Google Project Zero

Patched

March 25, 2022

Reported by

???

Root Cause Analysis

???

Exploits & PoC

Keith-amateur/cve-2022-1040

Save the trouble to open the burpsuite...

Cyb3rEnthusiast/CVE-2022-1040

New exploitation of 2020 Sophos vuln

2 repos — triés par ⭐ Rechercher sur GitHub ↗

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

TheHackerNews

Security Advisory 2022-021

CERT-EU Mar 28, 2022

U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

TheHackerNews

Sophos Firewall zero-day bug exploited weeks before fix

BleepingComputer Jun 16, 2022

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

TheHackerNews

Signal Intelligence

Confidenceⓘ

92%

EPSS 94.44%

Mentions 5

Last Seen Jun 16, 2022

CNA Information

Analyst Note

This CVE demonstrates critical severity (CVSS 9.8) with authentication bypass and RCE capabilities in Sophos Firewall, corroborated by CERT-EU advisory and Google Project Zero inclusion. The authentication bypass affecting the User Portal and Webadmin across multiple versions represents a confirmed, exploitable vulnerability with high impact on enterprise security infrastructure.