Cyber Resilience

CVE-2021-36770

High

Published: 11 August 2021

Published
11 August 2021
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0011 28.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-36770 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Fedoraproject Fedora. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other AI Platforms.

EU & UK References

Vulnerability details

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm…

more

(3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.

CWE(s)

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: trojan

Related Threats

Affected Assets

p5-encode project
p5-encode
3.05 — 3.12
fedoraproject
fedora
33, 34

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References