High severity7.5NVD Advisory· Published Jan 21, 2026· Updated Apr 15, 2026
CVE-2021-47746
CVE-2021-47746
Description
NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =3.2.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.