CVE-2022-41128

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 · 6 articles

EPSS Score

Source: FIRST.org · 2026-05-24
39.24% probability
This CVE has a 39.24% probability of being exploited in the next 30 days.
Top 97.3rd percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.

Description

Project Zero
JScript9 remote code execution

Attack Intelligence

Google Project Zero

Patched
Nov. 8, 2022
Reported by
Clément Lecigne of Google’s Threat Analysis Group
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-41128.html

Signal Intelligence

Confidence
78%
EPSS 39.24%
Mentions 6
Last Seen Oct 16, 2024

CNA Information

Analyst Note

CVE-2022-41128 is confirmed as a Windows Scripting Languages RCE vulnerability with a high CVSS score (8.8) and documented evidence of active exploitation in malicious ad campaigns. While not yet listed in CISA KEV at the time of assessment, the inclusion in Google Project Zero and coverage by reputable security sources (BleepingComputer, CERT-EU) substantiates the confirmed status, though the limited article count suggests ongoing investigation.

Threat Actors 7

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
APT37
apt_group Information theft and espionage 🇰🇵 KP
APT 28
apt_group Information theft and espionage 🇷🇺 RU
Harvester
apt_group Information theft and espionage Unknown
Infy
apt_group Information theft and espionage 🇮🇷 IR
Cyber Alliance
apt_group 🇺🇦 UA
Ukrainian Cyber Alliance
apt_group 🇺🇦 UA

Triage Info

Decided at: Mar 03, 2026