CVE-2021-47761
Published: 15 January 2026
Summary
CVE-2021-47761 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Millegpg (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2021-47761 is a local privilege escalation vulnerability in MilleGPG5 version 5.7.2. It stems from incorrect default permissions (CWE-276) that allow authenticated users to modify service executable files in the MariaDB bin directory. Specifically, attackers can replace the mysqld.exe file with a malicious executable, which will then execute with system privileges upon computer restart. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.
Local authenticated users with low privileges can exploit this vulnerability to achieve privilege escalation to system level. By overwriting mysqld.exe in the MariaDB bin directory, an attacker positions a malicious binary to run automatically with elevated privileges during system reboot, potentially enabling full system compromise, persistence, or further lateral movement.
Advisories and related resources are available at https://millegpg.it/, while a proof-of-concept exploit is published at https://www.exploit-db.com/exploits/50558, confirming practical exploitability. The vulnerability was published on 2026-01-15T16:16:07.160.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2779
Vulnerability details
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer…
more
restarts.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Weak file permissions on MariaDB service binary (mysqld.exe) directly enable binary replacement for SYSTEM-level execution on restart, matching Services File Permissions Weakness and Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents low-privileged authenticated users from modifying critical service executable files like mysqld.exe in the MariaDB bin directory.
Restricts modification of configuration-controlled system components, such as executable files in privileged directories, to authorized users only.
Mandates and implements restrictive configuration settings, including file permissions, to address incorrect defaults allowing writes to the MariaDB bin directory.