Cyber Posture

CVE-2021-47949

HighPublic PoC

Published: 10 May 2026

Published
10 May 2026
Modified
10 May 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score N/A
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47949 is a high-severity Link Following (CWE-59) vulnerability in Cyberpanel (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

NVD Description

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to…

more

create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-59

Affected Products

Cyberpanel
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-66680Shared CWE-59
CVE-2026-31979Shared CWE-59
CVE-2025-66277Shared CWE-59
CVE-2025-43257Shared CWE-59
CVE-2026-41231Shared CWE-59
CVE-2025-15319Shared CWE-59
CVE-2025-21322Shared CWE-59
CVE-2025-1683Shared CWE-59
CVE-2026-27748Shared CWE-59
CVE-2025-60710Shared CWE-59

References