Vulnerability details: VCID-frgg-29yv-dyf7
Vulnerability ID VCID-frgg-29yv-dyf7
Aliases CVE-2021-22890
Summary Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (4)
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22890.json
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2021-22890
cvssv3.1 4.3 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
cvssv3.1 4.3 https://curl.se/docs/CVE-2021-22890.html
cvssv3.1 Low https://curl.se/docs/CVE-2021-22890.html
ssvc Track https://curl.se/docs/CVE-2021-22890.html
cvssv3.1 3.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.3 https://hackerone.com/reports/1129529
ssvc Track https://hackerone.com/reports/1129529
cvssv3.1 4.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
cvssv3.1 4.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
cvssv3.1 4.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
archlinux High https://security.archlinux.org/AVG-1753
archlinux High https://security.archlinux.org/AVG-1754
archlinux High https://security.archlinux.org/AVG-1755
archlinux High https://security.archlinux.org/AVG-1756
cvssv3.1 4.3 https://security.gentoo.org/glsa/202105-36
ssvc Track https://security.gentoo.org/glsa/202105-36
cvssv3.1 4.3 https://security.netapp.com/advisory/ntap-20210521-0007/
ssvc Track https://security.netapp.com/advisory/ntap-20210521-0007/
cvssv3.1 4.3 https://www.oracle.com//security-alerts/cpujul2021.html
ssvc Track https://www.oracle.com//security-alerts/cpujul2021.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22890.json
https://api.first.org/data/v1/epss?cve=CVE-2021-22890
https://curl.se/docs/CVE-2021-22890.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1129529
1941965 https://bugzilla.redhat.com/show_bug.cgi?id=1941965
2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
986270 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986270
AVG-1753 https://security.archlinux.org/AVG-1753
AVG-1754 https://security.archlinux.org/AVG-1754
AVG-1755 https://security.archlinux.org/AVG-1755
AVG-1756 https://security.archlinux.org/AVG-1756
CVE-2021-22890 https://nvd.nist.gov/vuln/detail/CVE-2021-22890
GLSA-202105-36 https://security.gentoo.org/glsa/202105-36
ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
ntap-20210521-0007 https://security.netapp.com/advisory/ntap-20210521-0007/
RHSA-2021:2471 https://access.redhat.com/errata/RHSA-2021:2471
RHSA-2021:2472 https://access.redhat.com/errata/RHSA-2021:2472
USN-4898-1 https://usn.ubuntu.com/4898-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22890.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://curl.se/docs/CVE-2021-22890.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://curl.se/docs/CVE-2021-22890.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://hackerone.com/reports/1129529
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://hackerone.com/reports/1129529
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://security.gentoo.org/glsa/202105-36
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://security.gentoo.org/glsa/202105-36
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20210521-0007/
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://security.netapp.com/advisory/ntap-20210521-0007/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:11:48Z/ Found at https://www.oracle.com//security-alerts/cpujul2021.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.25887
EPSS Score 0.00092
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:14:25.589801+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202105-36 38.0.0