CVE-2021-26557
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-26557
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26557.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-26557
- Published
- 2021-10-07T01:15:07.057Z
- Modified
- 2025-11-20T11:37:22.606812Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
- References
Affected packages
Git / github.com/octopusdeploy/octopustentacle
Affected versions
3.*
3.15.4
3.15.5
3.15.6
3.15.7
3.15.8
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.17.0
3.18.0
3.19.0
3.19.1
3.19.2
3.20.0
3.20.1
3.21.0
3.22.0
3.22.1
3.22.1-deleteme
3.22.2
3.23.0
3.23.1
3.23.2
3.24.0
3.25.0
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
5.*
5.0.0
5.0.0-beta1
5.0.0-beta14
5.0.0-beta15
5.0.0-beta16
5.0.1
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
6.*
6.0.291
6.0.294
6.0.295
6.0.303
6.0.304
6.0.306
6.0.307
6.0.308
6.0.309
6.0.310
6.0.311
6.0.312
6.0.313
6.0.314
6.0.315
6.0.316
6.0.317
6.0.319
6.0.320
6.0.323
6.0.325
6.0.329
6.0.332
6.0.333
6.0.334
6.0.337
6.0.339
6.0.340
6.0.341
6.0.342
6.0.343
6.0.344
6.0.352
6.0.353
6.0.356
6.0.359
6.0.364
6.0.365
6.0.368
6.0.370
6.0.371
6.0.372
6.0.373
6.0.374
6.0.375
6.0.376
6.0.377
6.0.380
6.0.381
6.0.383
6.0.386
6.0.388
6.0.389
6.0.390
6.0.394
6.0.397
6.0.403
6.0.404
6.0.405
6.0.408
6.0.409
6.0.423
6.0.424
6.0.425
6.0.426
6.0.429
6.0.435
6.0.436
6.0.437
6.0.440
6.0.443
6.0.444
6.0.445
6.0.446
6.0.447
6.0.448
6.0.449
6.0.450
6.0.451
6.0.452
6.0.453
6.0.454
6.0.455
6.0.456
6.0.460
6.0.461
6.0.462
6.0.463
6.0.464
6.0.466
6.0.477
6.0.478
6.0.479
6.0.480
6.0.481
6.0.486