CVE-2021-32623
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers. The problem has been fixed in Opencast 9.6.
There is no known workaround for this issue.
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Exploitation evidence: 1 of 7 sources
Exploitation momentum: 16 days of EPSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- 16 Jun 2021: Published to NVD
- 17 Jun 2026: Last modified
Public Exploits & PoCs: 1
ATT&CK techniques: 2
Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
CAPEC attack patterns: 1
Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.