CVE-2021-37580

CRITICAL EXPLOITED NUCLEI

Apache ShenYu 2.3.0-2.4.0 - Authentication Bypass via JWT Misuse

Exploitation Summary

CVE-2021-37580 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 7 public exploits from researchers including fengwenhua, Liang2580, ZororoZ. A Nuclei detection template is also available.

Description

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.

Exploits (7)

nomisec WORKING POC 38 stars
by fengwenhua · remote
https://github.com/fengwenhua/CVE-2021-37580

This repository contains a functional exploit PoC for CVE-2021-37580, which bypasses JWT authentication in Apache ShenYu Admin. The script generates a crafted JWT token and sends it to the target endpoint to check for vulnerability.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache ShenYu Admin (versions 2.4.0 and earlier)
No auth needed
Prerequisites: Target URL · Username dictionary file
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 7 stars
by Liang2580 · poc
https://github.com/Liang2580/CVE-2021-37580

This PoC exploits CVE-2021-37580, an authentication bypass vulnerability in unspecified software. It generates a JWT token with a hardcoded salt and sends it to the '/dashboardUser' endpoint to bypass authentication and retrieve user data.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Unspecified (likely a web application using JWT for authentication)
No auth needed
Prerequisites: Network access to the target application · Python environment with 'requests' and 'PyJWT' libraries
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 5 stars
by ZororoZ · poc
https://github.com/ZororoZ/CVE-2021-37580

The repository contains a functional Python script that exploits an authentication bypass vulnerability in Apache ShenYu Admin by querying the `/dashboardUser` endpoint to retrieve user credentials without authentication. The script supports both single URL and batch file input for vulnerability verification.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache ShenYu Admin
No auth needed
Prerequisites: Network access to the target Apache ShenYu Admin instance
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 4 stars
by rabbitsafe · poc
https://github.com/rabbitsafe/CVE-2021-37580

This repository contains a functional exploit PoC for CVE-2021-37580, an authentication bypass vulnerability in Apache ShenYu Admin. The exploit generates a crafted JWT token with a hardcoded salt and sends it to the `/dashboardUser` endpoint to retrieve admin credentials.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache ShenYu Admin 2.3.0, 2.4.0
No auth needed
Prerequisites: Network access to the target Apache ShenYu Admin instance
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by CN016 · remote
https://github.com/CN016/Apache-ShenYu-Admin-JWT-CVE-2021-37580-

This script exploits CVE-2021-37580, an authentication bypass vulnerability in Apache ShenYu Admin. It retrieves a JWT token via a hardcoded endpoint and uses it to access the '/dashboardUser' endpoint, demonstrating unauthorized data access.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache ShenYu Admin
No auth needed
Prerequisites: Network access to the target · Apache ShenYu Admin instance running
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by Wing-song · poc
https://github.com/Wing-song/CVE-2021-37580

This repository contains a functional Python script that exploits CVE-2021-37580, an authentication bypass vulnerability in Apache ShenYu. The exploit generates a JWT token with a hardcoded salt and sends it to the target endpoint to bypass authentication and retrieve user information.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache ShenYu
No auth needed
Prerequisites: Target URL · Existing username
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS
by Osyanina · poc
https://github.com/Osyanina/westone-CVE-2021-37580-scanner

The repository claims to be a scanner for CVE-2021-37580 (an authentication bypass in Apache Shenyu admin) but lacks actual code or technical details. It instructs users to run a precompiled executable (CVE-2021-37580.exe), which is a red flag for potential malware.

Classification: Suspicious 90%
Attack Type: Auth Bypass
Complexity: Theoretical
Reliability: Theoretical
Target: Apache Shenyu admin < 2.3.0, < 2.4.0
No auth needed
Prerequisites: network access to target
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Apache ShenYu Admin JWT - Authentication Bypass
CRITICAL · by pdteam

References (2)

Core References
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/o15j25qwtpcw62k48xw1tnv48skh3zgb
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/11/16/1

Scores

CVSS v3: 9.8
EPSS: 0.9425
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2023-12-05
CWE: CWE-287
Status: published
Products (3)
apache/shenyu 2.3.0
apache/shenyu 2.4.0
org.apache.shenyu/shenyu-admin 2.3.0 - 2.4.1 (Maven)
Published: Nov 16, 2021
Tracked Since: Feb 18, 2026