VDB
CVE-2021-47960
CVE-2021-47960
PUBLISHED
CVSS 6.5 MEDIUM
Reported by synology · Published April 10, 2026
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure.
EPSS 0.03% · 10.2th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.03%
10.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Synology SSL VPN Client | * |
| Synology | Synology SSL VPN Client | * |
Timeline
- Apr 10, 2026 CVE Published
- Apr 10, 2026 PoC Published
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
References
- Synology-SA-26:05 Synology SSL VPN Client vendor-advisory