CVE-2021-42559

HIGH

MITRE Caldera < 2.8.1 - Authenticated Command Injection via Startup Requirements

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-42559. PoCs published by mbadanoiu.

AI-analyzed exploit summary: This repository describes a command injection vulnerability in MITRE Caldera (versions <=2.8.1) where authenticated users can modify startup requirements via the REST API to execute arbitrary commands upon server restart. The README provides details and references a PDF for further exploitation steps.

Description

An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2021-42559

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MITRE Caldera <=2.8.1
Auth required
Prerequisites: Valid user credentials · Caldera server restart
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0196
EPSS Percentile 77.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-77
Status: published
Products (1): mitre/caldera < 2.8.1
Published: Jan 12, 2022
Tracked Since: Feb 18, 2026