CVE-2021-3223
HIGH EXPLOITED NUCLEINode-RED-Dashboard <2.26.2 - Path Traversal
Title source: llmExploitation Summary
CVE-2021-3223 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Nuclei Templates (1)
Node RED Dashboard <2.26.2 - Local File Inclusion
HIGHVERIFIEDby gy741,pikpikcu
Shodan:
title:"Node-RED" || http.title:"node-red"
FOFA:
title="Node-RED" || title="node-red"
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/node-red/node-red-dashboard/issues/669
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
Scores
CVSS v3
7.5
EPSS
0.1651
EPSS Percentile
96.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2023-11-14
CWE
CWE-22
Status
published
Products (2)
nodered/node-red-dashboard
< 2.26.2
npm/node-red-dashboard
0 - 2.26.2npm
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026