216.73.217.86

CVE-2021-29441

· Published 27/04/2021 23:15 · Modified 13/07/2026 12:22 · Author: The MITRE Corporation

Labels: CVE-2021-29441

Essential information

Published
27/04/2021 23:15
Modified
13/07/2026 12:22
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:N/A:N

CVSS metrics

Description

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.

NVD status

NVD
View on NVD