CVE-2021-47746

HIGH
2026-01-21 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 26, 2026 - 15:04 vuln.today
Public exploit code
CVE Published
Jan 21, 2026 - 18:16 nvd
HIGH 7.5

Tags

Path Traversal

Description

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

Analysis

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]

Technical Context

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

Affected Products

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that

Remediation

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

Priority Score

58
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +38
POC: +20

Share

CVE-2021-47746 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy