CVE-2021-27102

Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.

Basic Information

CVE State: PUBLISHED
Reserved Date: February 10, 2021
Published Date: February 16, 2021
Last Updated: October 21, 2025
Vendor: Accellion
Product: FTA
Description: Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later.
Tags

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://www.accellion.com/products/fta/ https://github.com/accellion/CVEs/blob/main/CVE-2021-27102.txt

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC
CISA	2021-11-03 00:00:00 UTC

Timeline

CVE ID Reserved

February 10, 2021
CVE Published to Public

February 16, 2021
Exploit Used in Malware

November 03, 2021
Added to KEVIntel

November 03, 2021
Added to KEVIntel

November 03, 2021