CVE-2017-1000215

CRITICAL

ROOT xrootd <4.6.0 - Command Injection

Title source: llm
STIX 2.1

Description

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution

Scores

CVSS v3 9.8
EPSS 0.0647
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
xrootd/xrootd < 4.6.0
Published Nov 17, 2017
Tracked Since Feb 18, 2026