High · CISA KEV · Exploited in the wild · Public exploit

OS Command Execution in Accellion FTA local web service call

Identifiers: CVE-2021-27102, CWE-78 · Improper Neutralization of Special…

CVE-2021-27102 is an operating system command injection / command execution vulnerability in Accellion File Transfer Appliance (FTA). It affects FTA version 9_12_411 and earlier and was fixed in FTA_9_12_416 and later. The issue is described as OS command execution via a local web service call. Available reporting further indicates the flaw is exploitable by an attacker with local access and low privileges, allowing execution of operating system commands through the vulnerable local web service interaction.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows execution of arbitrary operating system commands on the affected Accellion FTA appliance. In the broader Accellion FTA intrusion activity, exploitation of the FTA vulnerabilities was associated with unauthorized access to appliance data, deployment of web shells, file viewing and exfiltration, and in some cases follow-on extortion. For this specific CVE, the confirmed direct impact is command execution on the appliance by a low-privileged local attacker.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, reduce local attack paths to the appliance, restrict shell and local account access, minimize privileged access on the host, and isolate the FTA system from untrusted networks and adjacent systems as much as operationally feasible. Given known in-the-wild exploitation of Accellion FTA vulnerabilities, organizations should also monitor for signs of compromise, review logs and appliance integrity, and treat unsupported FTA deployments as high risk until migrated.

Remediation

Patch, then assume compromise.

Upgrade Accellion FTA to FTA_9_12_416 or later, as versions 9_12_411 and earlier are affected. Because Accellion FTA was retired/end-of-life in April 2021, organizations should migrate to a supported file transfer platform as recommended by the vendor. If the system was exposed or compromise is suspected, perform incident response actions including forensic collection and review for related Accellion exploitation activity.
PUBLIC EXPLOITS

Exploits

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

| Vendor | Product | Type |
|---|---|---|
| Accellion | Fta | application |

Vendor-confirmed product mapping.
