CVE-2022-50925 HIGH

CVE-2022-50925: Prowise Reflect v1.0.9 - Remote Keystroke Injection

Vendor Prowise
Product Prowise Reflect
Weakness CWE-346 · Origin validation
Published January 13, 2026
Last update April 7, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
April 7, 2026 Record updated