CVE-2021-31805

Confirmed PUBLISHED

Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

Apache Software Foundation · Apache Struts

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
38
Unique Attacker IPs
19
CISA KEV
Not yet in CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
9.8 Critical EPSS 85.3%

At a Glance

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

apache nuclei_scanner
CVE Published
Apr 12, 2022
Exploitation Reported
Jun 12, 2026
CVSS
9.8 Critical
EPSS
85.3%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Apache Software Foundation
Apache Struts

2.0.0 to 2.5.29

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.