Cyber Posture

CVE-2021-47761

HighPublic PoC

Published: 15 January 2026

Published
15 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47761 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Millegpg (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-34 Non-modifiable Executable Programs good match
prevent

Directly prevents low-privileged authenticated users from modifying critical service executable files like mysqld.exe in the MariaDB bin directory.

CM-5 Access Restrictions for Change good match
prevent

Restricts modification of configuration-controlled system components, such as executable files in privileged directories, to authorized users only.

CM-6 Configuration Settings good match
prevent

Mandates and implements restrictive configuration settings, including file permissions, to address incorrect defaults allowing writes to the MariaDB bin directory.

NVD Description

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer…

more

restarts.

Deeper analysisAI

CVE-2021-47761 is a local privilege escalation vulnerability in MilleGPG5 version 5.7.2. It stems from incorrect default permissions (CWE-276) that allow authenticated users to modify service executable files in the MariaDB bin directory. Specifically, attackers can replace the mysqld.exe file with a malicious executable, which will then execute with system privileges upon computer restart. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

Local authenticated users with low privileges can exploit this vulnerability to achieve privilege escalation to system level. By overwriting mysqld.exe in the MariaDB bin directory, an attacker positions a malicious binary to run automatically with elevated privileges during system reboot, potentially enabling full system compromise, persistence, or further lateral movement.

Advisories and related resources are available at https://millegpg.it/, while a proof-of-concept exploit is published at https://www.exploit-db.com/exploits/50558, confirming practical exploitability. The vulnerability was published on 2026-01-15T16:16:07.160.

Details

CWE(s)
CWE-276

Affected Products

Millegpg
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-24107Shared CWE-276
CVE-2024-53841Shared CWE-276
CVE-2024-43166Shared CWE-276
CVE-2021-47852Shared CWE-276
CVE-2026-32983Shared CWE-276
CVE-2024-53840Shared CWE-276
CVE-2025-24172Shared CWE-276
CVE-2025-24093Shared CWE-276
CVE-2024-11468Shared CWE-276
CVE-2024-55959Shared CWE-276

References