Share
## https://sploitus.com/exploit?id=B7BAFDF9-C9BF-5517-A7B6-4A46F1DFEDEC
# CVE-2026 PoC Collection Report
**Collection date**: May 19, 2026
**Collection tool**: automated script + proxy access
**Proxy**: socks5://root:***@146.235.216.7:38163
## Collect Statistics
- **Total PoCs**: 12
- **Category Statistics**.
- Web Application Vulnerabilities: 3
- Linux Kernel Vulnerabilities: 3
- Windows Vulnerabilities: 1
- Other Vulnerabilities: 5
## Detailed PoC List
### 1. Web Application Vulnerabilities
#### CVE-2026-21858 (CVSS 10.0)
- **Description**: n8n Ni8mare - Unauthorized arbitrary file read into RCE chain
- **Language**: Python
- **Starred**: 257
- **URL**: https://github.com/Chocapikk/CVE-2026-21858
- **Severity**: Critical
- **Impact**: Remote code execution
#### CVE-2026-23918-Apache-H2-PoC
- **Description**: Apache mod_http2 Double Release Vulnerability PoC with support for multi-modal DoS and passive RCE detection
- **Language**: Python
- **Starred**: 15
- **URL**: https://github.com/xeloxa/CVE-2026-23918-Apache-H2-PoC
- **Severity**: High
- **Impact**: Denial of Service, Remote Code Execution
#### CVE-2026-31431-Copy-Fail
- **Description**: Linux local elevation of privilege vulnerability research material, PoC scripts and experimental assets
- **Language**: C
- **Starred**: 5
- **URL**: https://github.com/4xura/CVE-2026-31431-Copy-Fail
- **Severity**: High
- **Impact**: Local Elevation of Privilege
### 2. Linux kernel vulnerabilities
#### cve_2026_31431
- **Description**: CVE-2026-31431 exploit PoC
- **Language**: Python
- **Starred**: 558
- **URL**: https://github.com/rootsecdev/cve_2026_31431
- **Severity**: High
- **Impact**: Local elevation of privilege
#### CVE-2026-31431-Linux-Copy-Fail
- **Description**: Exploit of CVE-2026-31431 using Rust to achieve local elevation of privilege via arbitrary page slow write primitives.
- **Language**: Rust
- **Starred**: 2
- **URL**: https://github.com/Dullpurple-sloop726/CVE-2026-31431-Linux-Copy-Fail
- **Severity**: High
- **Impact**: Local elevation of privilege
#### Copy-Fail-CVE-2026-31431-Kubernetes-PoC
- **Description**: Kubernetes Container Escape PoC for node-level code execution via CVE-2026-31431 page cache corruption.
- **Language**: YAML
- **Starred**: 138
- **URL**: https://github.com/Percivalll/Copy-Fail-CVE-2026-31431-Kubernetes-PoC
- **Severity**: Critical
- **Impact**: container escape, node-level code execution
### 3. Windows Vulnerabilities
#### CVE-2026-21509-PoC
- **Description**: Microsoft Office security feature bypasses the vulnerability education PoC to generate harmless DOCX files to study EDR/AV visibility
- **Language**: Python
- **Starred**: 17
- **URL**: https://github.com/gavz/CVE-2026-21509-PoC
- **Severity**: Medium
- **Impact**: Security feature bypassed
### 4. Other Vulnerabilities
#### CVE-2026-41940-Exploit-PoC
- **Description**: cPanel and WHM authentication bypass vulnerability PoC tool, written in Go.
- **Language**: Go
- **Starred**: 0
- **URL**: https://github.com/Defacto-ridgepole254/CVE-2026-41940-Exploit-PoC
- **Severity**: High
- **Impact**: Authentication Bypass
#### CVE-2026-31802
- **Description**: npm tarball path traversal vulnerability PoC, arbitrary file overwrite via symbolic link extraction.
- **Language**: JavaScript
- **Starred**: 0
- **URL**: https://github.com/Recorded-texteditor120/CVE-2026-31802
- **Severity**: High
- **Impact**: Arbitrary File Overwrite
#### CVE-2026-2991
- **Description**: KiviCare 4.1.2 and below Patient Social Login REST Endpoint Authentication Bypass Vulnerability PoC
- **Language**: PHP
- **Starred**: 0
- **URL**: https://github.com/Jumpthereness578/CVE-2026-2991
- **Severity**: Medium
- **Impact**: Authentication Bypass
#### CVE-2026-26128
- **Description**: CVE-2026-26128 exploit PoC
- **Language**: Python
- **Starred**: 22
- **URL**: https://github.com/jarnovandenbrink/CVE-2026-26128
- **Severity**: High
- **Impact**: To be analyzed
#### copyfail-rs
- **Description**: detects and exploits the CVE-2026-31431 vulnerability using static binaries to monitor system integrity and bypass PAM authentication
- **Language**: Rust
- **Starred**: 0
- **URL**: https://github.com/Liverwortenuresis371/copyfail-rs
- **Severity**: High
- **Impact**: Authentication bypass, elevation of privilege
## Vulnerability Categorization Description
### Categorized by vulnerability type
1. **Elevation of Privilege Vulnerabilities** (4)
- cve_2026_31431 (Linux kernel)
- CVE-2026-31431-Linux-Copy-Fail (Linux kernel)
- Copy-Fail-CVE-2026-31431-Kubernetes-PoC (Container Escape)
- copyfail-rs (Security Tools)
2. **Remote Code Execution Vulnerabilities** (2)
- CVE-2026-21858 (n8n)
- CVE-2026-23918-Apache-H2-PoC (Apache)
3. **Authentication Bypass Vulnerabilities** (3)
- CVE-2026-41940 (cPanel/WHM)
- CVE-2026-2991 (KiviCare)
- copyfail-rs (PAM bypass)
4. **Path Traversal Vulnerabilities** (2)
- CVE-2026-31802 (npm tar)
- CVE-2026-31431-Copy-Fail (research data)
5. **Security Feature Bypass Vulnerability** (1)
- CVE-2026-21509 (Microsoft Office)
### By Programming Language
1. **Python**: 6 PoCs
2. **Rust**: 2 PoCs
3. **Go**: 1 PoC
4. **JavaScript**: 1 PoC
5. **PHP**: 1 PoC
6. **C**: 1 PoC
7. **YAML**: 1 PoC
### Categorized by severity
1. **Severe (CVSS 9.0-10.0)**: 2 PoCs
- CVE-2026-21858 (CVSS 10.0)
- Copy-Fail-CVE-2026-31431-Kubernetes-PoC
2. **High (CVSS 7.0-8.9)**: 8
- cve_2026_31431
- CVE-2026-31431-Linux-Copy-Fail
- CVE-2026-31431-Copy-Fail
- CVE-2026-41940-Exploit-PoC
- CVE-2026-31802
- CVE-2026-26128
- Copyfail-rs
- CVE-2026-23918-Apache-H2-PoC
3. in ** (CVSS 4.0-6.9)**: 2
- CVE-2026-21509-PoC
- CVE-2026-2991
## Instructions for use
### Environment requirements
- Git
- Compiler/interpreter for the corresponding programming language
- Proxy access (for GitHub)
### Security Warning
β οΈ **These PoCs are for security research and license testing purposes only**
1. unauthorized use of these exploit tools is illegal
2. use in a test environment, do not test against production systems
3. Comply with local laws, regulations and code of ethics
### Steps for use
1. **Clone repository**.
```bash
git clone https://github.com/η¨ζ·ε/δ»εΊε.git
``
2. **View Documentation**.
```bash
cd repository name
cat README.md
``
3. **Compile/Run**.
Compile and run according to the repository instructions
## Critical vulnerability details
### CVE-2026-21858 (n8n RCE chain)
- **CVSS Score**: 10.0 (Critical)
- **Scope of Impact**: n8n Workflow Automation Platform
- **Method of attack**: unauthorized arbitrary file reading β remote code execution
- **Exploitation Condition**: No authentication required
- **Remedy Recommendation**: Upgrade to the latest version immediately.
### CVE-2026-31431 (Linux kernel elevation of privilege)
- **CVSS score**: 7.8 (high)
- **Scope**: Linux kernel
- **Method of attack**: page cache corruption β local elevation of privilege
- **Exploit Condition**: local access
- **Remedy Recommendation**: Update kernel version.
### CVE-2026-41940 (cPanel authentication bypass)
- **CVSS score**: 8.1 (high)
- **Scope**: cPanel/WHM
- **Attack method**: Authentication bypass
- **Exploitation Condition**: Network Access
- **Remedy suggestion**: Update cPanel version.
## Suggested follow-up improvements
1. **Expand Search**.
- Add more CVE number searches
- Search other code hosting platforms (GitLab, Bitbucket)
- Monitor security bulletin and vulnerability databases
2. **Automated Updates**.
- Set a timed task to automatically collect new PoCs
- Monitor GitHub security advisories
- Automatically verify PoC availability
3. **Categorization Optimization**.
- Categorize by CVSS score
- Categorized by affected software
- Categorized by Vulnerability Impact
- Classification by Attack Vector
4. **Verification mechanism**.
- Automated verification of PoC availability
- Check PoC security
- Generate exploit reports
## Catalog structure
``
2026/
βββ web/ # Web Application Vulnerability PoC
β βββ CVE-2026-21858/
β βββ CVE-2026-31431-Copy-Fail/
β βββ CVE-2026-23918-Apache-H2-PoC/
βββ linux/ # Linux Kernel Vulnerability PoC
β βββ cve_2026_31431/
β βββ CVE-2026-31431-Linux-Copy-Fail/
β βββ Copy-Fail-CVE-2026-31431-Kubernetes-PoC/ β βββ Copy-Fail-CVE-2026-31431-Kubernetes-PoC/
βββ windows/ # Windows Vulnerability PoC
β βββ CVE-2026-21509-PoC/
βββ network/ # Network Device Vulnerability PoC (to be collected)
βββ other/ # Other Vulnerabilities PoC
β βββ CVE-2026-41940-Exploit-PoC/ # Network Device Vulnerability PoC (to be collected)
β βββ CVE-2026-31802/ # Other Vulnerability PoCs (to be collected)
β βββ CVE-2026-2991/
β βββ CVE-2026-26128/ βββ CVE-2026-26128/
β βββ copyfail-rs/ β βββ CVE-2026-2991/ βββ CVE-2026-26128/
βββ logs/ # Log files
β βββ github_search.json
β βββ repo_list.txt
βββ search_poc.py # Python Search Scripts
βββ collect_poc.sh # Raw collection scripts
βββ collect_poc_v2.sh # Optimized collection scripts
βββ README.md # This report
``
## Contact information
For questions or suggestions, please contact at.
- Create a GitHub Issue
- Send an email to the security team
---
**DISCLAIMER**: This tool is intended for legitimate security research and authorized testing only. Users are expected to comply with all applicable laws and regulations and are responsible for their own actions.