## https://sploitus.com/exploit?id=FB774AC0-68D8-53A1-A43B-0733FA9AF1BD
# CVE-2026-11561 โ Apinizer SSTI / RCE Version Check (Infra)
Nuclei template to detect Apinizer versions lower than `2026.04.6`, which are vulnerable to CVE-2026-11561 (Server-Side Template Injection leading to Remote Code Execution, CVSS 9.8).
## Usage
```bash
echo | nuclei -t apinizer-version-check.yaml
```
## How it works
1. Fetches the admin panel (internal/infra UI) homepage and extracts the main JavaScript file path (e.g. `main.a4f86d2754091e79.js`).
2. Fetches the JS file and matches the `VERSION` string against vulnerable version patterns.
## Vulnerability
CVE-2026-11561 affects Apinizer versions < `2026.04.6`.
## Note
The Apinizer admin panel is an internal/infra component typically deployed on internal networks and is not publicly exposed. Version information is extracted from the admin UI's JavaScript bundle. This template targets the management plane, not the API gateway.