CVE-2021-47949
Published 2026-05-10
Priority P262 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.53% (40.9th percentile)
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberpanel | cyberpanel | <= 2.1 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-47jc-h939-7pj5: CyberPanel 2
ghsa_unreviewed·2026-05-10
CVE-2021-47949 [HIGH] CWE-59 GHSA-47jc-h939-7pj5: CyberPanel 2
VulDB
CyberPanel up to 2.1 fetchFolderDetails Endpoint /filemanager/controller completeStartingPath link following (Exploit 50230 / EDB-50230)
vuldb·2026-05-10·CVSS 8.7
CVE-2021-47949 [HIGH] CyberPanel up to 2.1 fetchFolderDetails Endpoint /filemanager/controller completeStartingPath link following (Exploit 50230 / EDB-50230)
A vulnerability was found in CyberPanel up to 2.1. It has been classified as critical. Impacted is an unknown function of the file /filemanager/controller of the component fetchFolderDetails Endpoint. This manipulation of the argument completeStartingPath causes link following.
This vulnerability is handled as CVE-2021-47949. The attack can be initiated remotely. Additionally, an exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-10