Cyber Resilience

CVE-2021-47761

HighPublic PoC

Published: 15 January 2026

Published
15 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 6.7th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47761 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Millegpg (inferred from references). Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2021-47761 is a local privilege escalation vulnerability in MilleGPG5 version 5.7.2. It stems from incorrect default permissions (CWE-276) that allow authenticated users to modify service executable files in the MariaDB bin directory. Specifically, attackers can replace the mysqld.exe file with a malicious executable, which will then execute with system privileges upon computer restart. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Local authenticated users with low privileges can exploit this vulnerability to achieve privilege escalation to system level. By overwriting mysqld.exe in the MariaDB bin directory, an attacker positions a malicious binary to run automatically with elevated privileges during system reboot, potentially enabling full system compromise, persistence, or further lateral movement.

Advisories and related resources are available at https://millegpg.it/, while a proof-of-concept exploit is published at https://www.exploit-db.com/exploits/50558, confirming practical exploitability. The vulnerability was published on 2026-01-15T16:16:07.160.

EU & UK References

Vulnerability details

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer…

more

restarts.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.010 Services File Permissions Weakness Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Weak file permissions on MariaDB service binary (mysqld.exe) directly enable binary replacement for SYSTEM-level execution on restart, matching Services File Permissions Weakness and Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-10314Shared CWE-276
CVE-2025-57625Shared CWE-276
CVE-2020-37129Shared CWE-276
CVE-2025-21532Shared CWE-276
CVE-2025-24176Shared CWE-276
CVE-2025-1789Shared CWE-276
CVE-2024-43769Shared CWE-276
CVE-2025-0543Shared CWE-276
CVE-2025-7024Shared CWE-276
CVE-2025-24267Shared CWE-276

Affected Assets

Millegpg
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents low-privileged authenticated users from modifying critical service executable files like mysqld.exe in the MariaDB bin directory.

prevent

Restricts modification of configuration-controlled system components, such as executable files in privileged directories, to authorized users only.

prevent

Mandates and implements restrictive configuration settings, including file permissions, to address incorrect defaults allowing writes to the MariaDB bin directory.

References