QSearchQSearch

CVE-2021-3401

9.8 CRITICAL

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformp...

Published: 2021-02-04 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-88

Affected products

VendorProduct
bitcoinbitcoin

Description

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-3195 bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a du... (7.5 HIGH)

Same CWE

  • CVE-2026-47365 Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass ... (9.9 CRITICAL)
  • CVE-2026-47250 mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management (6.1 MEDIUM)
  • CVE-2026-46529 Atril Document Viewer is the default document reader of the MATE desktop environment for Linux
  • CVE-2026-53694 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.T...
  • CVE-2026-52750 Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not ... (7.8 HIGH)