CVE-2021-29441
Authentication bypass
Description
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.
INFO
Published Date :
April 27, 2021, 9:15 p.m.
Last Modified :
June 17, 2026, 3:47 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 2.0 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Upgrade to Nacos 1.4.1 or later
Public PoC/Exploit Available at Github
CVE-2021-29441 has a 52 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2021-29441.
| URL | Resource |
|---|---|
| https://github.com/advisories/GHSA-36hp-jr8h-556f | Exploit Third Party Advisory |
| https://github.com/alibaba/nacos/issues/4701 | Exploit Third Party Advisory |
| https://github.com/alibaba/nacos/pull/4703 | Patch Third Party Advisory |
| https://github.com/advisories/GHSA-36hp-jr8h-556f | Exploit Third Party Advisory |
| https://github.com/alibaba/nacos/issues/4701 | Exploit Third Party Advisory |
| https://github.com/alibaba/nacos/pull/4703 | Patch Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2021-29441 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2021-29441
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
CVE-2021-29441 - Nacos Authentication Bypass
auth-bypass cve-2021-29441 exploit exploitation hacking poc proof-of-concept
Python
webwiki
面向授权环境的自动化资产测绘 + 漏洞扫描工具,基于原 dddd 的设计思路做现代化重写,覆盖指纹识别、弱口令、nuclei POC、Shiro 专项检测和 HTML 报告。
go security
Go
None
Python Dockerfile Shell PHP Makefile
AI-driven vulnerability verification platform for frameworks and middleware. 27+ detection modules covering Spring, Shiro, Log4j, WebLogic, and more.
cve cybersecurity fastapi penetration-testing python react security vulnerability-scanner web-security
Dockerfile Python HTML JavaScript CSS
None
Makefile HTML Go
None
Python HTML
Async API security scanner in Rust for CORS, CSP, GraphQL, JWT, OpenAPI, and active API posture checks.
rust api-security bola cors csp graphql idor jwt ndjson oauth2 openapi owasp-api-security sarif scanner security vulnerability-scanner websocket
Rust Shell Dockerfile Makefile HTML TypeScript CSS
None
Kotlin Ruby Swift Objective-C Dart CMake C++ C HTML Java
None
一款红队打点助力DDDD神器(POC|workflow|finger|dir管理、自动生成workflow)
[IEEE T-IFS] AutoPT: How Far Are We from the Fully Automated Web Penetration Testing?
Shell Python PHP Dockerfile JavaScript HTML CSS PowerShell Batchfile
备份的漏洞库,3月开始我们来维护
None
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2021-29441 vulnerability anywhere in the article.
-
The Hacker News
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming mo ... Read more
-
The Hacker News
AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large ... Read more
The following table lists the changes that have been made to the
CVE-2021-29441 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'alibaba', 'product': 'nacos', 'versions': [{'status': 'affected', 'version': '< 1.4.1'}]}] -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://github.com/advisories/GHSA-36hp-jr8h-556f Added Reference https://github.com/alibaba/nacos/issues/4701 Added Reference https://github.com/alibaba/nacos/pull/4703 -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
Initial Analysis by [email protected]
May. 07, 2021
Action Type Old Value New Value Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P) Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://github.com/advisories/GHSA-36hp-jr8h-556f No Types Assigned https://github.com/advisories/GHSA-36hp-jr8h-556f Exploit, Third Party Advisory Changed Reference Type https://github.com/alibaba/nacos/issues/4701 No Types Assigned https://github.com/alibaba/nacos/issues/4701 Exploit, Third Party Advisory Changed Reference Type https://github.com/alibaba/nacos/pull/4703 No Types Assigned https://github.com/alibaba/nacos/pull/4703 Patch, Third Party Advisory Added CWE NIST CWE-290 Added CPE Configuration OR *cpe:2.3:a:alibaba:nacos:*:*:*:*:*:*:*:* versions up to (excluding) 1.4.1