Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-t9mj-g8hj-cfaa
Vulnerability ID VCID-t9mj-g8hj-cfaa
Aliases CVE-2021-31806
Summary
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31806.json
epss 0.85178 https://api.first.org/data/v1/epss?cve=CVE-2021-31806
epss 0.85178 https://api.first.org/data/v1/epss?cve=CVE-2021-31806
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-1975
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31806.json
https://api.first.org/data/v1/epss?cve=CVE-2021-31806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33620
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1962595 https://bugzilla.redhat.com/show_bug.cgi?id=1962595
989043 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989043
AVG-1975 https://security.archlinux.org/AVG-1975
GLSA-202105-14 https://security.gentoo.org/glsa/202105-14
RHSA-2021:4292 https://access.redhat.com/errata/RHSA-2021:4292
USN-4981-1 https://usn.ubuntu.com/4981-1/
Data source Metasploit
Description The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specifically crafted requests.
Note 
Stability:
  - crash-service-down
Reliability: []
SideEffects:
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date May 27, 2021
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/squid_range_dos.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31806.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99375
EPSS Score 0.85178
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:08:04.381870+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0