CVE-2021-27561CISA KEVEPSS p99.6%

CVE-2021-27561Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability

Yealink / Device Management

Description

Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

Scoring

EPSS82.52% probability of exploitation · percentile 99.6% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryYealink Device Management Server-Side Request Forgery (SSRF) Vulnerabilitykev-cve-2021-275610%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-66738
CVE
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
CVE
CVE-2025-45887
CVE
GitLab Server-Side Request Forgery (SSRF) Vulnerability
CVE
VMware Server Side Request Forgery in vRealize Operations Manager API
CVE
CVE-2025-27217
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.