Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-sh5a-fmna-wffr
Vulnerability ID VCID-sh5a-fmna-wffr
Aliases CVE-2021-22946
Summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-319 Cleartext Transmission of Sensitive Information
CWE-325 Missing Cryptographic Step
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2021-22946
cvssv3.1 Medium https://curl.se/docs/CVE-2021-22946.html
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2384
archlinux High https://security.archlinux.org/AVG-2385
archlinux High https://security.archlinux.org/AVG-2386
archlinux High https://security.archlinux.org/AVG-2387
archlinux High https://security.archlinux.org/AVG-2388
archlinux High https://security.archlinux.org/AVG-2389
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json
https://api.first.org/data/v1/epss?cve=CVE-2021-22946
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1334111
1017589 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017589
2003175 https://bugzilla.redhat.com/show_bug.cgi?id=2003175
AVG-2384 https://security.archlinux.org/AVG-2384
AVG-2385 https://security.archlinux.org/AVG-2385
AVG-2386 https://security.archlinux.org/AVG-2386
AVG-2387 https://security.archlinux.org/AVG-2387
AVG-2388 https://security.archlinux.org/AVG-2388
AVG-2389 https://security.archlinux.org/AVG-2389
GLSA-202212-01 https://security.gentoo.org/glsa/202212-01
RHSA-2021:4059 https://access.redhat.com/errata/RHSA-2021:4059
RHSA-2022:0635 https://access.redhat.com/errata/RHSA-2022:0635
RHSA-2022:1354 https://access.redhat.com/errata/RHSA-2022:1354
USN-5079-1 https://usn.ubuntu.com/5079-1/
USN-5079-2 https://usn.ubuntu.com/5079-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.23143
EPSS Score 0.00078
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:23.988426+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202212-01 38.0.0