Cyber Resilience

CVE-2021-46850

High · Public PoC

Published: 24 October 2022

Modified: 07 May 2025
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0934 (92.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-46850 is a high-severity Argument Injection (CWE-88) vulnerability in Vestacp Control Panel. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 7.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

CWE(s)

CWE-88 (Argument Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

vestacp · control panel · ≤ 0.9.8-26-43
vestacp · vesta control panel · ≤ 0.9.8-26

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
