CVE ID :CVE-2021-47949
Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago
Description :CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Published : May 10, 2026, 1:16 p.m. | 11 hours, 9 minutes ago
Description :CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2021-47949
Unknown
N/A
N/A
⚠️ Vulnerability Description:
IMMEDIATE ACTIONS
Assess the criticality of all Linux systems running vulnerable kernel versions. Prioritize patching for systems that allow local user access, especially those in multi-user environments, development systems, or systems processing untrusted input. If immediate patching is not feasible, consider isolating affected systems from untrusted networks and restricting local user access to prevent potential exploitation. Review system logs, including kernel logs (
Assess the criticality of all Linux systems running vulnerable kernel versions. Prioritize patching for systems that allow local user access, especially those in multi-user environments, development systems, or systems processing untrusted input. If immediate patching is not feasible, consider isolating affected systems from untrusted networks and restricting local user access to prevent potential exploitation. Review system logs, including kernel logs (
💡 AI-generated — review with a security professional before acting.View on NVD →