Main Vulnerability Database Vulnerabilities #VU125771

#VU125771 Untrusted search path in otp - CVE-2021-29221

Published: April 10, 2026

Vulnerability identifier: #VU125771

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-29221

CWE-ID: CWE-426

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
otp

Software vendor:
erlang

Description

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to an untrusted search path in erlsrv.exe and the Erlang/OTP installation directory when adding files to an existing installation's directory on Windows with unsafe filesystem permissions. A remote attacker can add files to an existing installation's directory to escalate privileges.

User interaction is required, and the issue occurs only under specific conditions on Windows with unsafe filesystem permissions.

Remediation

Install security update from vendor's website.

External links

https://github.com/erlang/otp/security/advisories/GHSA-3rrc-f8wp-rx4j

#VU125771 Untrusted search path in otp - CVE-2021-29221

Description

Remediation

External links

Please verify you're human