CVE-2021-21266: openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.
medium vulnerability
security
Summary
openHAB, a home automation software, had a vulnerability in versions before 2.5.12 and 3.0.1 that allowed attackers on the same network to read files from the system using XXE attacks (XML external entity attacks, which trick an XML parser into loading external files or data). Multiple add-ons that process XML data from other devices were vulnerable to this flaw.
Solution / Mitigation
The vulnerabilities have been fixed in versions 2.5.12 and 3.0.1 by a stricter configuration of the XML parser in use.
Vulnerability Details
CVSS Score
6.4 (medium)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Sophistication: Moderate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-21266
First tracked: February 15, 2026 at 08:43 PM