CVE-2023-33246

Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 · 2 articles

EPSS Score

Source: FIRST.org · 2026-05-24
94.39% probability
This CVE has a 94.39% probability of being exploited in the next 30 days.
Top 100.0th percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.

Attack Intelligence

Exploits & PoC

Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT (⭐ 104)
CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit

vulncheck-oss/fetch-broker-conf (⭐ 5)
A go-exploit for fetching the RocketMQ broker configuration in order to discover indicators of compromise for CVE-2023-33246

0xKayala/CVE-2023-33246 (⭐ 2)
CVE-2023-33246 - Apache RocketMQ config RCE

d0rb/CVE-2023-33246 (⭐ 1)
CVE-2023-33246 POC

4 repos, sorted by ⭐

Signal Intelligence

Confidence: 78%
EPSS: 94.39%
Mentions: 2

CNA Information

Analyst Note

CVE-2023-33246 is explicitly documented as actively exploited in the wild by the Muhstik botnet for remote code execution against Apache RocketMQ servers. The 2023 CVE year combined with immediate active exploitation reports indicates exploitation occurred concurrent with or shortly after disclosure, meeting zero-day criteria.

Threat Actors 2

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
Kinsing
apt_group 🇷🇺 RU

Triage Info

Decided at: Mar 20, 2026