CVE-2021-43116

HIGH

Nacos 2.0.3 - Privilege Escalation

Title source: llm

Description

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.

Exploits (2)

exploitdb SCANNER

by Jenson Zhao · pythonwebappsjava

https://www.exploit-db.com/exploits/51205

View Code ZIP pw:eip

github SCANNER

by Immer5ion · pythonpoc

https://github.com/Immer5ion/cve_poc/tree/main/CVE-2021-43116.py

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171638/Nacos-2.0.3-Access-Control.html

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/alibaba/nacos/issues/7127

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/alibaba/nacos/issues/7182

Scores

CVSS v3 8.8

EPSS 0.0578

EPSS Percentile 90.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (2)

alibaba/nacos < 2.0.3

com.alibaba.nacos/nacos-client 0Maven

Published Jul 05, 2022

Tracked Since Feb 18, 2026