CVE-2021-43456

HIGH

Rumble Mail Server 0.51.3135 - Unquoted Service Path

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43456. PoCs published by Mohammed Alshehri.

AI-analyzed exploit summary: This exploit describes an unquoted service path vulnerability in Rumble Mail Server 0.51.3135, which could allow local privilege escalation by exploiting the service's executable path. The writeup includes service configuration details but lacks executable PoC code.

Description

An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path.

Exploits (1)

exploitdb WRITEUP
by Mohammed Alshehri · text · local · windows
https://www.exploit-db.com/exploits/49203

Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: Rumble Mail Server 0.51.3135
Auth required
Prerequisites: Local access to the target system · Ability to write to the root of C:\ or C:\Program Files\
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory x_refsource_misc
https://github.com/M507/Miner
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49203
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/192729

Scores

CVSS v3 7.8
EPSS 0.0044
EPSS Percentile 34.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-428
Status published
Products (1)
rumble_mail_server_project/rumble_mail_server 0.51.3135
Published Apr 04, 2022
Tracked Since Feb 18, 2026