CVE-2021-40323

CRITICAL NUCLEI

Cobbler < 3.3.0 - Remote Code Execution via XMLRPC Log Poisoning

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-40323. PoCs published by tnpitsecurity. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2021-40323 and CVE-2021-40324, demonstrating arbitrary file read/write and remote code execution in Cobbler via XMLRPC API abuse and template injection.

Description

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

Exploits (1)

github WORKING POC 4 stars
by tnpitsecurity · poc
https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2021-40323-40324

The repository contains functional exploit code for CVE-2021-40323 and CVE-2021-40324, demonstrating arbitrary file read/write and remote code execution in Cobbler via XMLRPC API abuse and template injection.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cobbler <= 3.2.1
No auth needed
Prerequisites: Cobbler server with exposed XMLRPC API · At least one profile configured
devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

Cobbler <3.3.0 - Remote Code Execution
CRITICALby c-sh0
Shodan: http.title:"cobbler web interface"
FOFA: title="cobbler web interface"

References (2)

Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://github.com/cobbler/cobbler/releases/tag/v3.3.0

Scores

CVSS v3 9.8
EPSS 0.9317
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
cobbler_project/cobbler < 3.3.0
pypi/cobbler 0 - 3.3.0PyPI
Published Oct 04, 2021
Tracked Since Feb 18, 2026