Skip to main content

Chatwoot CVE-2021-3649

HIGH
Inefficient Regular Expression Complexity (ReDoS) (CWE-1333)
2021-07-16 security@huntr.dev
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 16, 2021 - 14:15 nvd
HIGH 7.5

DescriptionNVD

chatwoot is vulnerable to Inefficient Regular Expression Complexity

AnalysisAI

chatwoot is vulnerable to Inefficient Regular Expression Complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-1333. chatwoot is vulnerable to Inefficient Regular Expression Complexity Affected products include: Chatwoot.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-3741 CRITICAL POC
9.8 Oct 28

Impact varies for each individual vulnerability in the application. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2022-2901 HIGH POC
7.1 Sep 06

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. Rated high severity (CVSS 7.1), this vulnera

CVE-2022-0542 MEDIUM POC
6.1 Aug 19

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. Rated medium severity (CVSS 6.1)

CVE-2022-1021 MEDIUM POC
5.4 Aug 19

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. Rated medium severity (

CVE-2022-1022 MEDIUM POC
5.4 Apr 21

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0. Rated medium severity (CVSS 5

CVE-2024-0640 MEDIUM POC
4.8 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. Rated medium seve

CVE-2026-44706 HIGH
8.5 May 26

SQL injection in Chatwoot versions 2.2.0 through 4.11.1 allows any authenticated account user to execute arbitrary SQL v

CVE-2026-44707 MEDIUM
6.8 May 26

Pre-Account Takeover in Chatwoot's OmniAuth integration affects all releases from 2.14.0 through 4.12.x, allowing an att

CVE-2025-12246 LOW POC
2.1 Oct 27

Cross-site scripting (XSS) in Chatwoot up to version 4.7.0 allows remote attackers to inject malicious scripts via the L

CVE-2023-2109 MEDIUM
6.1 Apr 17

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0. Rated medium severity (CVSS 6.1

CVE-2026-4990 MEDIUM
5.5 Mar 27

Improper authorization in Chatwoot up to version 4.11.1 allows remote unauthenticated attackers to bypass authentication

CVE-2026-5205 LOW
2.1 Mar 31

Server-side request forgery (SSRF) in Chatwoot up to version 4.11.2 allows authenticated remote attackers to manipulate

Share

CVE-2021-3649 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy