CVE-2021-26473 | Unauthenticated arbitrary file upload and command execution in Vembu products
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebservice_o.php (action logFilePath) allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by requesting them through the web server.
Conclusion & alert: CVE-2021-26473 is rated High Risk (66.4/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.76%). Core evidence: EPSS rose +1.01% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood; assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2021-26473
EPSS lead: The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).