Western Digital has fixed a critical severity vulnerability (CVE-2021-44142) in its products, which could enable attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.

My Cloud OS 5 Firmware 5.21.104 released on March 23, 2022 includes fixes to address this vulnerability. Western Digital recommends that users promptly update their devices to the latest firmware.

Full list of impacted My Cloud products and fixed firmware versions can be found in Western Digital advisory – westerndigital.com.