Auth bypass in Octobercms October

CVE-2021-41126

October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions, administrator accounts which had previously been deleted may still be able to sign in to the backend using October C…

Vulnerability class: Broken Authentication

EPSS: 0.005 (65.8th percentile)

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2021-41126?
CVE-2021-41126 is a high-severity vulnerability in Octobercms October, classified under Improper Authentication. CVSS score: 7.2/10. Published 2021-10-06.
How severe is CVE-2021-41126?
High severity. CVSS v3 base score is 7.2 out of 10.