{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-47960", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "state": "PUBLISHED", "assignerShortName": "synology", "dateReserved": "2026-04-10T06:29:38.695Z", "datePublished": "2026-04-10T09:21:54.559Z", "dateUpdated": "2026-04-10T12:43:33.313Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Files or Directories Accessible to External Parties", "cweId": "CWE-552", "type": "CWE"}]}], "affected": [{"vendor": "Synology", "product": "Synology SSL VPN Client", "versions": [{"version": "*", "status": "affected", "lessThan": "1.4.5-0684", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "version": "3.1"}}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_26_05", "name": "Synology-SA-26:05 Synology SSL VPN Client", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Laurent Sibilla (https://www.linkedin.com/in/lsibilla/)", "type": "finder"}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2026-04-10T09:21:54.559Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T12:43:26.407315Z", "id": "CVE-2021-47960", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T12:43:33.313Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47960", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T12:43:26.407315Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T12:43:30.504Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Laurent Sibilla (https://www.linkedin.com/in/lsibilla/)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synology", "product": "Synology SSL VPN Client", "versions": [{"status": "affected", "version": "*", "lessThan": "1.4.5-0684", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_26_05", "name": "Synology-SA-26:05 Synology SSL VPN Client", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2026-04-10T09:21:54.559Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47960", "state": "PUBLISHED", "dateUpdated": "2026-04-10T12:43:33.313Z", "dateReserved": "2026-04-10T06:29:38.695Z", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "datePublished": "2026-04-10T09:21:54.559Z", "assignerShortName": "synology"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure."}], "id": "CVE-2021-47960", "lastModified": "2026-04-13T15:02:06.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@synology.com", "type": "Primary"}]}, "published": "2026-04-10T10:16:02.853", "references": [{"source": "security@synology.com", "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_26_05"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "security@synology.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.5-0684)"}}], "enrichment": {"confidence": 84.0, "confidence_source": "matching", "scores": [{"score": 84.0, "source": "matching"}]}, "original": {"product": "Synology SSL VPN Client", "source": "cna", "vendor": "Synology"}, "product": "ssl_vpn_client", "vendor": "synology"}], "analysis": {"en": {"generated_at": "2026-04-10T10:50:52.358943+00:00", "value": {"mitigation_remediation": ["Upgrade the Synology SSL VPN Client to version 1.4.5 or later", "Verify that the local HTTP server is listening only on the loopback interface and is not exposed to external networks", "Avoid navigating to untrusted web pages while the VPN client is running", "Monitor Synology\u2019s security advisories for additional patches or work\u2011arounds"], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "All Synology SSL VPN Client installations with a version prior to 1.4.5\u20110684 are affected. The flaw is confined to the SSL VPN Client component and does not impact other Synology products or alternative VPN clients.", "description_and_impact": "The vulnerability stems from a misconfigured local HTTP server that runs on the loopback interface within the Synology SSL VPN Client. A malicious craft of a web page can be used by an attacker to cause the client to serve files from its installation directory, exposing sensitive artifacts such as configuration files, certificates, and logs. The primary impact is the disclosure of confidential data, while system integrity and availability remain unaffected.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates a medium severity vulnerability. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog, suggesting a lower immediate exploitation probability. The attack requires the victim to interact with a malicious web page while the client is running and does not provide remote code execution or denial of service."}}}}, "created": "2026-04-13T12:44:58.832284+00:00", "title": "Local HTTP Server Exposes Sensitive Files in Synology SSL VPN Client", "updated": "2026-04-13T13:06:12.190196+00:00", "vendors": ["synology", "synology$PRODUCT$ssl_vpn_client"]}