Apache Solr information disclosure vulnerability through DataImportHandler
Description
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Solr DataImportHandler on Windows accepts UNC paths, triggering SMB requests that can leak hashes or enable relay attacks.
Vulnerability
CVE-2021-44548 is an Improper Input Validation vulnerability in Apache Solr's DataImportHandler. The handler does not sanitize user-supplied Windows UNC paths (\\host\share), causing the Solr server to initiate an SMB connection to the remote host when processing such a path. This flaw affects all Apache Solr versions prior to 8.11.1 and is exclusive to Windows deployments [1][2].
Exploitation
An attacker with the ability to submit a crafted data import configuration — via the DataImportHandler API or by uploading a valid configuration — can supply a UNC path as the source of data. The Solr server will then attempt to access the specified network share, sending an SMB request. No special network position is required beyond reachability of the Solr endpoint; the attacker may be on the same LAN or could coax an internal user to import a malicious configuration [1].
Impact
Successful exploitation leaks the Windows OS user's NTLM/LM password hashes to the attacker's SMB server. In misconfigured environments, an SMB Relay attack can be performed, potentially leading to user impersonation on SMB shares or, in worst cases, remote code execution on other systems that trust the Solr host's credentials. The disclosure of hashes alone already enables offline cracking and lateral movement [1].
Mitigation
Apache Solr 8.11.1, released on 2021-12-23, disables UNC path support by default in the DataImportHandler. Users of affected Windows versions must upgrade to 8.11.1 or later. For environments that cannot immediately upgrade, network-level controls such as blocking outbound SMB (port 445) from the Solr server to untrusted hosts are advised as workarounds [1][2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.solr:solr-parentMaven | < 8.11.1 | 8.11.1 |
Affected products
3- osv-coords2 versions
< 8.11.1+ 1 more
- (no CPE)range: < 8.11.1
- (no CPE)range: < 8.11.1
- Apache Software Foundation/Apache Solrv5Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-pccr-q7v9-5f27ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-44548ghsaADVISORY
- security.netapp.com/advisory/ntap-20220114-0005ghsaWEB
- security.netapp.com/advisory/ntap-20220114-0005/mitrex_refsource_CONFIRM
- solr.apache.org/security.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.