Share
## https://sploitus.com/exploit?id=B7BAFDF9-C9BF-5517-A7B6-4A46F1DFEDEC
# CVE-2026 PoC Collection Report

**Collection date**: May 19, 2026
**Collection tool**: automated script + proxy access
**Proxy**: socks5://root:***@146.235.216.7:38163

## Collect Statistics

- **Total PoCs**: 12
- **Category Statistics**.
- Web Application Vulnerabilities: 3
- Linux Kernel Vulnerabilities: 3
- Windows Vulnerabilities: 1
- Other Vulnerabilities: 5

## Detailed PoC List

### 1. Web Application Vulnerabilities

#### CVE-2026-21858 (CVSS 10.0)
- **Description**: n8n Ni8mare - Unauthorized arbitrary file read into RCE chain
- **Language**: Python
- **Starred**: 257
- **URL**: https://github.com/Chocapikk/CVE-2026-21858
- **Severity**: Critical
- **Impact**: Remote code execution

#### CVE-2026-23918-Apache-H2-PoC
- **Description**: Apache mod_http2 Double Release Vulnerability PoC with support for multi-modal DoS and passive RCE detection
- **Language**: Python
- **Starred**: 15
- **URL**: https://github.com/xeloxa/CVE-2026-23918-Apache-H2-PoC
- **Severity**: High
- **Impact**: Denial of Service, Remote Code Execution

#### CVE-2026-31431-Copy-Fail
- **Description**: Linux local elevation of privilege vulnerability research material, PoC scripts and experimental assets
- **Language**: C
- **Starred**: 5
- **URL**: https://github.com/4xura/CVE-2026-31431-Copy-Fail
- **Severity**: High
- **Impact**: Local Elevation of Privilege

### 2. Linux kernel vulnerabilities

#### cve_2026_31431
- **Description**: CVE-2026-31431 exploit PoC
- **Language**: Python
- **Starred**: 558
- **URL**: https://github.com/rootsecdev/cve_2026_31431
- **Severity**: High
- **Impact**: Local elevation of privilege

#### CVE-2026-31431-Linux-Copy-Fail
- **Description**: Exploit of CVE-2026-31431 using Rust to achieve local elevation of privilege via arbitrary page slow write primitives.
- **Language**: Rust
- **Starred**: 2
- **URL**: https://github.com/Dullpurple-sloop726/CVE-2026-31431-Linux-Copy-Fail
- **Severity**: High
- **Impact**: Local elevation of privilege

#### Copy-Fail-CVE-2026-31431-Kubernetes-PoC
- **Description**: Kubernetes Container Escape PoC for node-level code execution via CVE-2026-31431 page cache corruption.
- **Language**: YAML
- **Starred**: 138
- **URL**: https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC
- **Severity**: Critical
- **Impact**: container escape, node-level code execution

### 3. Windows Vulnerabilities

#### CVE-2026-21509-PoC
- **Description**: Microsoft Office security feature bypasses the vulnerability education PoC to generate harmless DOCX files to study EDR/AV visibility
- **Language**: Python
- **Starred**: 17
- **URL**: https://github.com/gavz/CVE-2026-21509-PoC
- **Severity**: Medium
- **Impact**: Security feature bypassed

### 4. Other Vulnerabilities

#### CVE-2026-41940-Exploit-PoC
- **Description**: cPanel and WHM authentication bypass vulnerability PoC tool, written in Go.
- **Language**: Go
- **Starred**: 0
- **URL**: https://github.com/Defacto-ridgepole254/CVE-2026-41940-Exploit-PoC
- **Severity**: High
- **Impact**: Authentication Bypass

#### CVE-2026-31802
- **Description**: npm tarball path traversal vulnerability PoC, arbitrary file overwrite via symbolic link extraction.
- **Language**: JavaScript
- **Starred**: 0
- **URL**: https://github.com/Recorded-texteditor120/CVE-2026-31802
- **Severity**: High
- **Impact**: Arbitrary File Overwrite

#### CVE-2026-2991
- **Description**: KiviCare 4.1.2 and below Patient Social Login REST Endpoint Authentication Bypass Vulnerability PoC
- **Language**: PHP
- **Starred**: 0
- **URL**: https://github.com/Jumpthereness578/CVE-2026-2991
- **Severity**: Medium
- **Impact**: Authentication Bypass

#### CVE-2026-26128
- **Description**: CVE-2026-26128 exploit PoC
- **Language**: Python
- **Starred**: 22
- **URL**: https://github.com/jarnovandenbrink/CVE-2026-26128
- **Severity**: High
- **Impact**: To be analyzed

#### copyfail-rs
- **Description**: detects and exploits the CVE-2026-31431 vulnerability using static binaries to monitor system integrity and bypass PAM authentication
- **Language**: Rust
- **Starred**: 0
- **URL**: https://github.com/Liverwortenuresis371/copyfail-rs
- **Severity**: High
- **Impact**: Authentication bypass, elevation of privilege

## Vulnerability Categorization Description

### Categorized by vulnerability type

1. **Elevation of Privilege Vulnerabilities** (4)
- cve_2026_31431 (Linux kernel)
- CVE-2026-31431-Linux-Copy-Fail (Linux kernel)
- Copy-Fail-CVE-2026-31431-Kubernetes-PoC (Container Escape)
- copyfail-rs (Security Tools)

2. **Remote Code Execution Vulnerabilities** (2)
- CVE-2026-21858 (n8n)
- CVE-2026-23918-Apache-H2-PoC (Apache)

3. **Authentication Bypass Vulnerabilities** (3)
- CVE-2026-41940 (cPanel/WHM)
- CVE-2026-2991 (KiviCare)
- copyfail-rs (PAM bypass)

4. **Path Traversal Vulnerabilities** (2)
- CVE-2026-31802 (npm tar)
- CVE-2026-31431-Copy-Fail (research data)

5. **Security Feature Bypass Vulnerability** (1)
- CVE-2026-21509 (Microsoft Office)

### By Programming Language

1. **Python**: 6 PoCs
2. **Rust**: 2 PoCs
3. **Go**: 1 PoC
4. **JavaScript**: 1 PoC
5. **PHP**: 1 PoC
6. **C**: 1 PoC
7. **YAML**: 1 PoC

### Categorized by severity

1. **Severe (CVSS 9.0-10.0)**: 2 PoCs
- CVE-2026-21858 (CVSS 10.0)
- Copy-Fail-CVE-2026-31431-Kubernetes-PoC

2. **High (CVSS 7.0-8.9)**: 8
- cve_2026_31431
- CVE-2026-31431-Linux-Copy-Fail
- CVE-2026-31431-Copy-Fail
- CVE-2026-41940-Exploit-PoC
- CVE-2026-31802
- CVE-2026-26128
- Copyfail-rs
- CVE-2026-23918-Apache-H2-PoC

3. in ** (CVSS 4.0-6.9)**: 2
- CVE-2026-21509-PoC
- CVE-2026-2991

## Instructions for use

### Environment requirements
- Git
- Compiler/interpreter for the corresponding programming language
- Proxy access (for GitHub)

### Security Warning
⚠️ **These PoCs are for security research and license testing purposes only**

1. unauthorized use of these exploit tools is illegal
2. use in a test environment, do not test against production systems
3. Comply with local laws, regulations and code of ethics

### Steps for use

1. **Clone repository**.
```bash
git clone https://github.com/η”¨ζˆ·ε/仓库名.git
``

2. **View Documentation**.
```bash
cd repository name
cat README.md
``

3. **Compile/Run**.
Compile and run according to the repository instructions

## Critical vulnerability details

### CVE-2026-21858 (n8n RCE chain)
- **CVSS Score**: 10.0 (Critical)
- **Scope of Impact**: n8n Workflow Automation Platform
- **Method of attack**: unauthorized arbitrary file reading β†’ remote code execution
- **Exploitation Condition**: No authentication required
- **Remedy Recommendation**: Upgrade to the latest version immediately.

### CVE-2026-31431 (Linux kernel elevation of privilege)
- **CVSS score**: 7.8 (high)
- **Scope**: Linux kernel
- **Method of attack**: page cache corruption β†’ local elevation of privilege
- **Exploit Condition**: local access
- **Remedy Recommendation**: Update kernel version.

### CVE-2026-41940 (cPanel authentication bypass)
- **CVSS score**: 8.1 (high)
- **Scope**: cPanel/WHM
- **Attack method**: Authentication bypass
- **Exploitation Condition**: Network Access
- **Remedy suggestion**: Update cPanel version.

## Suggested follow-up improvements

1. **Expand Search**.
- Add more CVE number searches
- Search other code hosting platforms (GitLab, Bitbucket)
- Monitor security bulletin and vulnerability databases

2. **Automated Updates**.
- Set a timed task to automatically collect new PoCs
- Monitor GitHub security advisories
- Automatically verify PoC availability

3. **Categorization Optimization**.
- Categorize by CVSS score
- Categorized by affected software
- Categorized by Vulnerability Impact
- Classification by Attack Vector

4. **Verification mechanism**.
- Automated verification of PoC availability
- Check PoC security
- Generate exploit reports

## Catalog structure

``
2026/
β”œβ”€β”€ web/ # Web Application Vulnerability PoC
β”‚ β”œβ”€β”€ CVE-2026-21858/
β”‚ β”œβ”€β”€ CVE-2026-31431-Copy-Fail/
β”‚ └── CVE-2026-23918-Apache-H2-PoC/
β”œβ”€β”€ linux/ # Linux Kernel Vulnerability PoC
β”‚ β”œβ”€β”€ cve_2026_31431/
β”‚ β”œβ”€β”€ CVE-2026-31431-Linux-Copy-Fail/
β”‚ └── Copy-Fail-CVE-2026-31431-Kubernetes-PoC/ β”‚ └── Copy-Fail-CVE-2026-31431-Kubernetes-PoC/
β”œβ”€β”€ windows/ # Windows Vulnerability PoC
β”‚ └── CVE-2026-21509-PoC/
β”œβ”€β”€ network/ # Network Device Vulnerability PoC (to be collected)
β”œβ”€β”€ other/ # Other Vulnerabilities PoC
β”‚ β”œβ”€β”€ CVE-2026-41940-Exploit-PoC/ # Network Device Vulnerability PoC (to be collected)
β”‚ β”œβ”€β”€ CVE-2026-31802/ # Other Vulnerability PoCs (to be collected)
β”‚ β”œβ”€β”€ CVE-2026-2991/
β”‚ β”œβ”€β”€ CVE-2026-26128/ β”œβ”€β”€ CVE-2026-26128/
β”‚ └── copyfail-rs/ β”‚ β”œβ”€β”€ CVE-2026-2991/ β”œβ”€β”€ CVE-2026-26128/
β”œβ”€β”€ logs/ # Log files
β”‚ β”œβ”€β”€ github_search.json
β”‚ └── repo_list.txt
β”œβ”€β”€ search_poc.py # Python Search Scripts
β”œβ”€β”€ collect_poc.sh # Raw collection scripts
β”œβ”€β”€ collect_poc_v2.sh # Optimized collection scripts
└── README.md # This report
``

## Contact information

For questions or suggestions, please contact at.
- Create a GitHub Issue
- Send an email to the security team

---

**DISCLAIMER**: This tool is intended for legitimate security research and authorized testing only. Users are expected to comply with all applicable laws and regulations and are responsible for their own actions.