CVE-2021-41126
7.2 HIGH
October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework
Published: 2021-10-06 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 7.2 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-287
Affected products
| Vendor | Product |
|---|---|
| octobercms | october |
Description
October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-41126
- [Other] https://github.com/octobercms/october/security/advisories/GHSA-6gjf-7w99-j7x7
- [Vendor advisory] https://octobercms.com/changelog
Related CVEs
Same vendor
- CVE-2021-3311 — An issue was discovered in October through build 471 (9.8 CRITICAL)
Same CWE
- CVE-2026-48780 — Forem is open source software for building communities (8.2 HIGH)
- CVE-2026-48114 — Metacat is data repository software that helps researchers preserve, share, and discover data (9.8 CRITICAL)
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-50623 — An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF (4.8 MEDIUM)
- CVE-2026-48611 — Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading t... (9.8 CRITICAL)