CVE-2021-47746 HIGH

CVE-2021-47746: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write

Vendor Nodebb
Product NodeBB Plugin Emoji
Weakness CWE-73
Published January 21, 2026
Last update March 5, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with admin access can craft file upload requests with directory traversal to overwrite system files by manipulating the file path parameter.

Key dates

02Disclosure timeline

January 21, 2026 CVE published
March 5, 2026 Record updated