CVE-2021-41094
4.2 MEDIUM · Wire is an open source secure messenger
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 4.2 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
- CWE: CWE-668
Affected products
| Vendor | Product |
|---|---|
| wire | wire |
Description
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave; however, it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active, since the feature is hidden from them. This issue has been resolved in version 3.70.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41094
- [Patch] https://github.com/wireapp/wire-ios/commit/5ba3eb180efc3fc795d095f9c84ae7f109b84746
- [Other] https://github.com/wireapp/wire-ios/security/advisories/GHSA-h4m7-pr8h-j7rf
Related CVEs
Same vendor
- CVE-2021-41100 — Wire-server is the backing server for the open source wire secure messaging application (7.4 HIGH)
- CVE-2021-41093 — Wire is an open source secure messenger (7.4 HIGH)
- CVE-2021-41101 — wire-server is an open-source back end for Wire, a secure collaboration platform (5.7 MEDIUM)
Same CWE
- CVE-2026-53826 — OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace ... (4.3 MEDIUM)
- CVE-2026-47141 — vm2 is an open source vm/sandbox for Node.js
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
- CVE-2026-42535 — A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV proper... (9.1 CRITICAL)
- CVE-2025-15653 — Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unau... (6.8 MEDIUM)