CVE-2021-27648

CRITICAL

Synology Antivirus Essential <1.4.8-2801 - Privilege Escalation

Title source: llm

Description

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.

References (1)

[Vendor Advisory] https://www.synology.com/security/advisory/Synology_SA_21_15

Scores

CVSS v3 9.0

EPSS 0.0989

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-610

Status published

Products (1)

synology/antivirus_essential < 1.4.8-2801

Published Apr 28, 2021

Tracked Since Feb 18, 2026