CriticalCISA KEVExploited in the wildPublic exploit

SSRF in Accellion FTA wmProgressstat.html

IdentifiersCVE-2021-27103CWE-918· Server-Side Request Forgery (SSRF)

CVE-2021-27103 is a server-side request forgery (SSRF) vulnerability in Accellion File Transfer Appliance (FTA). It affects FTA 9_12_411 and earlier and can be triggered by an unauthenticated remote attacker via a specially crafted POST request to the wmProgressstat.html endpoint (also described in supporting content as the wmProgressstat file on a vulnerable FTA endpoint). The flaw allows attacker-controlled requests to be issued by the vulnerable appliance. This vulnerability was one of the Accellion FTA flaws publicly associated with real-world exploitation during the 2020–2021 Accellion incident set.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow an attacker to abuse the Accellion FTA appliance as a proxy for unintended server-side requests. In the broader Accellion FTA intrusion activity described in the supporting content, exploitation of the FTA vulnerability set enabled attackers to access, view, and exfiltrate files from vulnerable FTA instances, and in some cases supported follow-on intrusion activity and extortion. The provided content does not attribute standalone remote code execution directly to CVE-2021-27103 by itself.

Mitigation

If you can’t patch tonight, do this now.

If immediate remediation is not possible, isolate or block internet access to systems hosting Accellion FTA, prioritize monitoring of the appliance for suspicious POST requests to wmProgressstat.html, review web and application logs for signs of exploitation, collect forensic images if compromise is suspected, audit FTA accounts and credentials, and reset security tokens as recommended in Accellion/CISA guidance for the broader FTA compromise activity. Because FTA is end-of-life, migration to a supported platform is the preferred long-term mitigation.

Remediation

Patch, then assume compromise.

Upgrade Accellion FTA to a fixed release. The provided content states the fixed version for CVE-2021-27103 is FTA_9_12_416 and later. Additional advisory content recommends updating FTA to FTA_9_12_432 or later as part of the broader Accellion response, and Accellion FTA was subsequently retired/end-of-life in April 2021. Where still present, organizations should migrate off FTA to a supported file-sharing platform in accordance with vendor guidance.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

AccellionFtaapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cyberintNews

Feb 20, 2025

CL0P Ransomware: The Latest Updates

A critical server-side request forgery vulnerability in Accellion FTA.

tenable blogNews

Feb 19, 2021

Accellion Patches Four Vulnerabilities in File Transfer Appliance (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104) - Blog | Tenable®

Unauthenticated remote SSRF in Accellion FTA via crafted POST requests to wmProgressstat, potentially enabling access to internal resources and aiding data theft.

ic3 alertsNews

Apr 2, 2026

An Accellion File Transfer Appliance vulnerability listed among 2021 CVEs known to be exploited.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware2

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2021-27103

NVD

nvd.nist.gov/vuln/detail/CVE-2021-27103

MITRE CWE · CWE-918

Server-Side Request Forgery (SSRF)

Product

accellion.com/products/fta

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27103