CVE-2021-46361

9.8 CRITICAL

📋 TL;DR

This vulnerability in Magnolia CMS allows attackers to bypass security restrictions in the FreeMarker template engine and execute arbitrary code via specially crafted payloads. It affects Magnolia CMS v6.2.11 and earlier versions, potentially enabling remote code execution on affected systems.

💻 Affected Systems

Products:
  • Magnolia CMS
Versions: v6.2.11 and below
Operating Systems: All platforms running Magnolia CMS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using the vulnerable FreeMarker filter component in Magnolia CMS.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the Magnolia CMS server, allowing data theft, defacement, or use as a pivot point into internal networks.

🟠 Likely Case

Remote code execution leading to website defacement, data exfiltration, or installation of backdoors and malware.

🟢 If Mitigated

Limited impact with proper network segmentation, web application firewalls, and strict input validation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted FreeMarker payloads to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.2.12

Vendor Advisory: https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.12.html#_security_advisory

Restart Required: Yes

Instructions:

1. Back up your Magnolia CMS instance and database.
2. Download Magnolia CMS v6.2.12 or later from the official vendor.
3. Follow the upgrade instructions in the Magnolia documentation.
4. Restart the Magnolia CMS service.

🔧 Temporary Workarounds

Web Application Firewall Rule

Platform: all

Implement WAF rules to block suspicious FreeMarker template patterns and payloads.

Input Validation Filter

Platform: all

Add custom input validation to sanitize FreeMarker template inputs before processing.

🧯 If You Can't Patch

  • Isolate the Magnolia CMS instance behind a reverse proxy with strict input validation
  • Disable or restrict access to FreeMarker template editing functionality if not required

🔍 How to Verify

Check if Vulnerable:

Check the Magnolia CMS version in the admin interface or by examining the installation directory. Versions 6.2.11 and below are vulnerable.

Check Version:

Check the Magnolia admin panel or examine the magnolia.properties file in the installation directory.

Verify Fix Applied:

Verify the Magnolia CMS version is 6.2.12 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual FreeMarker template processing errors
  • Suspicious POST requests containing FreeMarker syntax
  • Unexpected system command execution in logs

Network Indicators:

  • HTTP requests with FreeMarker payloads to Magnolia endpoints
  • Unusual outbound connections from Magnolia server

SIEM Query:

source="magnolia" AND (message="*FreeMarker*" OR message="*template*" OR message="*exec*" OR message="*Runtime*" OR message="*ProcessBuilder*")
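
The query above matches any message containing "template", which will be noisy on a CMS. As an added example (not vendor or Magnolia code), the Python sketch below applies the "FreeMarker syntax in requests" indicator more narrowly: it URL-decodes each request twice, requires actual FreeMarker syntax, and raises severity only when the query's execution keywords appear as well. The log layout, paths and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# FreeMarker syntax: <#directive, [#directive, ${interpolation}, and the ?new( built-in.
FTL_SYNTAX = re.compile(r"<#\w+|\[#\w+|\$\{[^}]*\}|\?new\s*\(")
# Execution-related keywords taken from the SIEM query on this page.
EXEC_HINTS = re.compile(r"\b(?:exec|Runtime|ProcessBuilder)\b")
# Assumed (constructed) log layout: "<client-ip> <METHOD> <path> <query-or-body>"
LOG_LINE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) ?(?P<data>.*)$")


def classify(line):
    """Return 'high', 'medium' or None for one log line."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    # Decode twice so double URL-encoding does not hide the syntax.
    text = unquote_plus(unquote_plus(m["path"] + " " + m["data"]))
    if not FTL_SYNTAX.search(text):
        return None  # keywords such as "template" alone are not a signal
    return "high" if EXEC_HINTS.search(text) else "medium"


def scan(lines):
    """Return (line_number, client_ip, severity) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        sev = classify(line)
        if sev:
            hits.append((n, line.split()[0], sev))
    return hits


# Constructed sample lines; addresses are documentation ranges, paths are made up.
SAMPLE = [
    "203.0.113.7 POST /example/form name=alice&comment=hello",
    "203.0.113.7 POST /example/form comment=%3C%23assign+x%3D1%3E",
    "198.51.100.9 POST /example/form comment=%253C%2523assign+r%253D%2522Runtime%2522%253E",
    "192.0.2.4 GET /docs/template-guide.html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The `${...}` pattern also matches client-side template strings in legitimate request bodies, so treat "medium" hits as leads to correlate with the template-processing errors listed under Log Indicators.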
