Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-u8aq-2qhu-gff5
Vulnerability ID VCID-u8aq-2qhu-gff5
Aliases CVE-2021-3618
Summary ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication
Status Published
Exploitability 0.5
Weighted Severity 6.7
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-295 Improper Certificate Validation
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
epss 0.00615 https://api.first.org/data/v1/epss?cve=CVE-2021-3618
cvssv3.1 7.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux Medium https://security.archlinux.org/AVG-2101
archlinux Medium https://security.archlinux.org/AVG-2102
archlinux Medium https://security.archlinux.org/AVG-2103
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1975623 https://bugzilla.redhat.com/show_bug.cgi?id=1975623
991328 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328
991329 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329
991331 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331
AVG-2101 https://security.archlinux.org/AVG-2101
AVG-2102 https://security.archlinux.org/AVG-2102
AVG-2103 https://security.archlinux.org/AVG-2103
USN-5371-1 https://usn.ubuntu.com/5371-1/
USN-5371-2 https://usn.ubuntu.com/5371-2/
USN-6379-1 https://usn.ubuntu.com/6379-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.69833
EPSS Score 0.00615
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T14:02:02.887108+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json 38.0.0