CVE-2021-27852
CRITICAL KEV
Checkbox Survey < 7.0 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization
Title source: llm
Exploitation Summary
CVE-2021-27852 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 11, 2022.
Description
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.
References (2)
Core References
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/706695
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27852
Scores
CVSS v3: 9.8
EPSS: 0.2555
EPSS Percentile: 96.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total
Details
CISA KEV: 2022-04-11
VulnCheck KEV: 2022-04-11
InTheWild.io: 2021-07-27
ENISA EUVD: EUVD-2021-14590
CWE: CWE-502
Status: published
Products (1)
checkbox/survey < 7.0
Published: May 27, 2021
KEV Added: Apr 11, 2022
Tracked Since: Feb 18, 2026