Execute Command Function Allows Remote Code Execution (RCE) Vulnerability
Description
The Serv-U File Server allows for events such as user login failures to be audited by executing a command. This command can be supplied with parameters that can take the form of user string variables, allowing remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Serv-U File Server allows command injection via audit event parameters enabling remote code execution.
Vulnerability
SolarWinds Serv-U File Server versions prior to the fix for CVE-2021-35223 allow the audit of events (such as user login failures) by executing a configured command. The command can be supplied with parameters that use user string variables, enabling remote code execution when an attacker-controlled string is processed by the command execution feature [1].
Exploitation
An attacker with network access to the Serv-U FTP/FTPS/SFTP service can cause a login failure that includes a crafted string in the username or other user-provided field. The audit action executing the external command processes this string as a command parameter, resulting in arbitrary command execution [1].
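The difference between expanding an event variable into a command string and into a fixed argument vector, shown as an added example (not Serv-U code and not from the advisory). The `$Name`/`$IP` placeholder syntax, the program path and the sample event are assumptions made for illustration.

```python
import re

# Hypothetical audit action: a program plus arguments containing $Name / $IP
# placeholders. Names and path are illustrative, not Serv-U's configuration format.
AUDIT_TEMPLATE = ["/opt/audit/notify", "--event", "login-failure",
                  "--user", "$Name", "--ip", "$IP"]

PLACEHOLDER = re.compile(r"\$(\w+)")
SHELL_META = set(';&|`$<>(){}"\'\\\n\r')


def _expand(text, event):
    # Single pass: a substituted value is never scanned for placeholders again.
    return PLACEHOLDER.sub(lambda m: event.get(m.group(1), m.group(0)), text)


def build_command_line(template, event):
    """Risky pattern: one expanded string that a shell will parse again."""
    return _expand(" ".join(template), event)


def build_argv(template, event):
    """Safer pattern: expand each element separately and run without a shell,
    e.g. subprocess.run(argv, shell=False), so a value stays one argument."""
    return [_expand(element, event) for element in template]


def suspicious_fields(event):
    """Detection aid: event fields whose values carry shell metacharacters."""
    return sorted(k for k, v in event.items() if SHELL_META & set(v))


if __name__ == "__main__":
    # Constructed login-failure event; the username is client-supplied.
    event = {"Name": "guest & echo marker", "IP": "203.0.113.7"}
    print(build_command_line(AUDIT_TEMPLATE, event))
    print(build_argv(AUDIT_TEMPLATE, event))
    print(suspicious_fields(event))
```

In the string form the username's `&` becomes shell syntax, while in the argument-vector form the whole value remains the single argument following `--user`.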
Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary operating system commands in the context of the Serv-U service, leading to full compromise of the affected server [1].
Mitigation
SolarWinds has released a hotfix for Serv-U File Server. Affected users should apply the update as provided in the security advisory [1]. No workarounds were published; upgrading to the fixed version is the recommended remediation.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <15.2.4
- Range: 15.2.3 and previous versions
Patches
No patches discovered yet.
References
- documentation.solarwinds.com/en/success_center/servu/content/release_notes/servu_15-2-4_release_notes.htm (mitre, x_refsource_MISC)
- support.solarwinds.com/SuccessCenter/s/article/Execute-Command-Function-Allows-Remote-Code-Execution-RCE-Vulnerability-CVE-2021-35223 (mitre, x_refsource_MISC)
- www.solarwinds.com/trust-center/security-advisories/cve-2021-35223 (mitre, x_refsource_MISC)