CVE-2021-22926

Name: CVE-2021-22926
Creator: NVD / NIST
Published: 2021-08-05T21:15:11.553+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 9.82%

Last modified Jun 17, 2026

CVE-2021-22926 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. EPSS estimates a 9.82% chance of exploitation in the next 30 days.

Description

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

9.82%

94.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Haxx	Curl	>= 7.33.0, < 7.78.0
Netapp	Active Iq Unified Manager	All versions
Netapp	Clustered Data Ontap	All versions
Netapp	Hci Management Node	All versions
Netapp	Oncommand Insight	All versions
Netapp	Oncommand Workflow Automation	All versions
Netapp	Snapcenter	All versions
Netapp	Solidfire	All versions
Oracle	Mysql Server	>= 5.7.0, <= 5.7.35
Oracle	Mysql Server	>= 8.0.0, <= 8.0.26
Oracle	Peoplesoft Enterprise Peopletools	8.57
Oracle	Peoplesoft Enterprise Peopletools	8.58
Oracle	Peoplesoft Enterprise Peopletools	8.59
Siemens	Sinec Infrastructure Network Services	< 1.0.1.1
Netapp	H300s Firmware	All versions
Netapp	H300e Firmware	All versions
Netapp	H500e Firmware	All versions
Netapp	H500s Firmware	All versions
Netapp	H700s Firmware	All versions
Netapp	H700e Firmware	All versions
Netapp	H410s Firmware	All versions
Splunk	Universal Forwarder	>= 8.2.0, < 8.2.12
Splunk	Universal Forwarder	>= 9.0.0, < 9.0.6
Splunk	Universal Forwarder	9.1.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
https://hackerone.com/reports/1234760Exploit, Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3EMailing List, Third Party Advisory
https://security.gentoo.org/glsa/202212-01Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0003/Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
https://hackerone.com/reports/1234760Exploit, Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3EMailing List, Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3EMailing List, Third Party Advisory
https://security.gentoo.org/glsa/202212-01Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0003/Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory

Timeline

Published: Aug 5, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-22926?

How severe is CVE-2021-22926?

CVE-2021-22926 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 9.82% probability of exploitation in the next 30 days.

How do I fix CVE-2021-22926?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-22926?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST