What is the CVSS score of CVE-2021-47746?

CVE-2021-47746 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.2%.

Which versions of Emoji are affected by CVE-2021-47746?

Organizations using NodeBB Plugin Emoji 3.2.1 face notable risk from CVE-2021-47746 rated CVSS 7.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2021-47746?

Yes, a public proof-of-concept exploit is available for CVE-2021-47746. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2021-47746?

Within 7 days: Identify all affected systems running Emoji 3.2.1 contains an arbitrary file write vulnerability t and apply vendor patches promptly. Monitor vendor channels for patch availability.

Emoji CVE-2021-47746

HIGH

External Control of File Name or Path (CWE-73)

2026-01-21 disclosure@vulncheck.com

Path Traversal

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Jan 26, 2026 - 15:04 vuln.today

Public exploit code

CVE Published

Jan 21, 2026 - 18:16 nvd

HIGH 7.5

DescriptionCVE.org

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

AnalysisAI

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]

Technical ContextAI

Affected ProductsAI

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

CVE-2021-47746 vulnerability details – vuln.today

Back

Emoji CVE-2021-47746

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code