High severity7.6NVD Advisory· Published Sep 7, 2021· Updated Jun 17, 2026
CVE-2021-38616
CVE-2021-38616
Description
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Eigen/Eigen NLPdescription
Patches
Vulnerability mechanics
References
4- eigentech.comnvdVendor Advisory
- excellium-services.com/cert-xlm-advisory/nvdThird Party Advisory
- excellium-services.com/cert-xlm-advisory/CVE-2021-38616nvdThird Party Advisory
- cds.thalesgroup.com/en/tcs-cert/CVE-2021-38616nvd
News mentions
0No linked articles in our index yet.