cvedb.io
CVE-2021-33191
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-08-24T12:15:07.307 · Last modified 2026-06-17T03:54:19.737

Summary

From Apache NiFi MiNiFi C++ version 0.5.0, the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0.

Affected products

apache — nifi_minifi_c++

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.