PatchSiren

Yealink CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Yealink CVE published 2021-11-03

CVE-2021-27561

CVE-2021-27561 is a Yealink Device Management server-side request forgery (SSRF) vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2021-11-03. Because it is KEV-listed, defenders should treat remediation as urgent and follow vendor update guidance.