CVE-2021-21956

HIGH

Cloudlinux Imunify360 - Insecure Deserialization

Title source: rule

Description

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0043
EPSS Percentile 62.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (3)

cloudlinux/imunify360
cloudlinux/imunify360
cloudlinux/imunify360

Timeline

Published Apr 14, 2022
Tracked Since Feb 18, 2026