CVE-2021-46434

🔶 medium

Summary

EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid

CVSS Score

5.3

Medium

EPSS Score

0.2

Exploit Probability

Published Date

2022-03-28

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 329,778 vulnerabilities in our database.

#264,886

Below average severity

Severity Percentile

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
emqx	emqx	Affected	v3.0.0

🔗 References 1

https://github.com/emqx/emqx/issues/6791

Exploit Issue Tracking Third Party Advisory

🔗 Related CVEs 3

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-8741	ℹ️ low	3.1	0.1	A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_pers...	2026-05-17
CVE-2025-52136	ℹ️ low	3.0	0.0	In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supp...	2025-08-10
CVE-2023-37781	🔶 medium	6.5	0.5	An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted ...	2023-07-17

These CVEs affect the same products