
CVE-2021-47781

Medium · Public PoC

Published: 15 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: none referenced
CVSS Score (v4): 6.7 · CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0025 (16.0th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2021-47781 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 16.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2021-47781 is a buffer overflow vulnerability (CWE-787) affecting Cmder Console Emulator version 1.3.18. The flaw occurs when the application processes a maliciously crafted .cmd file containing repeated characters, which overwhelms the console emulator's buffer and crashes the application, producing a denial of service. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with potential for high impacts across confidentiality, integrity, and availability. Note that the CVSS v4 score of 6.7 shown above is based on a local vector that requires user interaction and rates only availability impact as high (AV:L, UI:A, VA:H), which matches the crash behaviour actually described.

Any remote attacker without privileges or user interaction can exploit this vulnerability by creating and delivering a specially constructed .cmd file to a targeted system running the affected Cmder version. When the file is processed, the buffer overflow causes the application to crash, resulting in a denial of service. The high CVSS v3.1 impact scores suggest potential for broader compromise beyond a crash, though the only effect described is application termination.

References include the official Cmder GitHub repository at https://github.com/cmderdev/cmder and an Exploit-DB entry at https://www.exploit-db.com/exploits/50401, which provides details on the vulnerability and likely a proof-of-concept exploit. No specific patch or mitigation details are outlined in the available information, but practitioners should check the repository for updates beyond version 1.3.18. The CVE was published on 2026-01-15.


Vulnerability details

Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer and crash the application.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

A buffer overflow triggered by a crafted .cmd file maps to execution through a user opening a malicious file; the CVSS v3.1 impact scores suggest possible RCE or DoS.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33144 · Shared CWE-787
CVE-2025-24451 · Shared CWE-787
CVE-2025-24441 · Shared CWE-787
CVE-2025-23396 · Shared CWE-787
CVE-2018-25255 · Shared CWE-787
CVE-2019-25604 · Shared CWE-787
CVE-2026-21312 · Shared CWE-787
CVE-2026-23715 · Shared CWE-787
CVE-2025-21138 · Shared CWE-787
CVE-2026-0957 · Shared CWE-787


Mitigating Controls (NIST 800-53 r5, AI)

prevent · Directly remediates the buffer overflow flaw in Cmder by identifying, reporting, and applying patches or updates from the official repository.

prevent · SI-10 Information Input Validation: requires validation of .cmd file inputs to reject maliciously crafted files with repeated characters that trigger the buffer overflow.

prevent · SI-16 Memory Protection: implements memory safeguards such as address space layout randomization and stack canaries. These make turning the overflow into code execution harder; they do not prevent the crash itself, so they reduce the compromise risk rather than the denial of service.
