{"id":"CVE-2021-26557","details":"When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.","modified":"2026-04-10T04:31:17.802597Z","published":"2021-10-07T01:15:07.057Z","references":[{"type":"ADVISORY","url":"https://advisories.octopus.com/adv/2021-02---Local-privilege-escalation-in-Octopus-Tentacle-%28CVE-2021-26557%29.1732870264.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/octopusdeploy/octopustentacle","events":[{"introduced":"fd9aeb49f65cf142eb28899520d9ed5c4246f6b2"},{"fixed":"ac0112c0907911fec283282ffd77e3d643ceb43d"}],"database_specific":{"versions":[{"introduced":"3.15.4"},{"fixed":"6.0.489"}]}}],"versions":["3.15.4","3.15.5","3.15.6","3.15.7","3.15.8","3.16.0","3.16.1","3.16.2","3.16.3","3.16.4","3.17.0","3.18.0","3.19.0","3.19.1","3.20.0","3.20.1","3.21.0","3.22.0","3.22.1","3.22.1-deleteme","3.22.2","3.23.0","3.23.1","3.23.2","3.24.0","3.25.0","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","5.0.0","5.0.1","5.0.10","5.0.11","5.0.12","5.0.13","5.0.14","5.0.15","5.0.16","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","6.0.291","6.0.294","6.0.295","6.0.303","6.0.304","6.0.306","6.0.307","6.0.308","6.0.309","6.0.310","6.0.311","6.0.312","6.0.313","6.0.314","6.0.315","6.0.316","6.0.317","6.0.319","6.0.320","6.0.323","6.0.325","6.0.329","6.0.332","6.0.333","6.0.334","6.0.337","6.0.339","6.0.340","6.0.341","6.0.342","6.0.343","6.0.344","6.0.352","6.0.353","6.0.356","6.0.359","6.0.364","6.0.365","6.0.368","6.0.370","6.0.371","6.0.372","6.0.373","6.0.374","6.0.375","6.0.376","6.0.377","6.0.380","6.0.381","6.0.383","6.0.386","6.0.388","6.0.389","6.0.390","6.0.394","6.0.397","6.0.403","6.0.404","6.0.405","6.0.408","6.0.409","6.0.423","6.0.424","6.0.425","6.0.426","6.0.429","6.0.435","6.0.436","6.0.437","6.0.440","6.0.443","6.0.444","6.0.445","6.0.446","6.0.447","6.0.448","6.0.449","6.0.450","6.0.451","6.0.452","6.0.453","6.0.454","6.0.455","6.0.456","6.0.460","6.0.461","6.0.462","6.0.463","6.0.464","6.0.466","6.0.477","6.0.478","6.0.479","6.0.480","6.0.481","6.0.486"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26557.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}