CVE-2021-26829

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 1 article

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

7.56%

probability

This CVE has a 7.56% probability of being exploited in the next 30 days.

0% Top 91.9th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79 · Cross-site Scripting

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

TheHackerNews Nov 30, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 7.56%

Mentions 1

Last Seen Nov 30, 2025

CNA Information

Analyst Note

CVE-2021-26829 is listed in CISA KEV catalog with explicit citation of active exploitation evidence. TheHackerNews article confirms CISA added this vulnerability to KEV for actively exploited status, meeting zero-day criteria despite the 2021 publication date and lack of explicit pre-patch timing documentation.

Threat Actors 8

Hacking Team

apt_group 🇮🇹 IT

APT3

apt_group Information theft and espionage 🇨🇳 CN

APT35

apt_group Information theft and espionage 🇮🇷 IR

APT 22

apt_group Information theft and espionage 🇨🇳 CN

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

OverFlame

apt_group 🇷🇺 RU

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Cyber Alliance

apt_group 🇺🇦 UA

Triage Info

Decided atMar 05, 2026