PHP-FPM, the FastCGI process manager included in the main distribution of PHP since the 5.3 branch, has a critical vulnerability CVE-2021-21703, which allows an unprivileged host user to execute code as root. The problem manifests itself on servers that use PHP-FPM to organize the launch of PHP scripts, usually used in conjunction with Nginx. The researchers who identified the problem were able to prepare a working prototype of the exploit.