CVE•Published 2026-05-13•Modified 2026-05-14•1 article on news•6 live references•NVD data
CVE-2026-8500
Vulnerability data via NVD (ingested)
CVSS v3.1
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
—
Weaknesses (CWE)
Description
Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection.
Timeline
Published 2026-05-13
Modified 2026-05-14
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2026-8500Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-8500Censys host search filtered to this CVE id.
grep.app
CVE-2026-8500Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-8500GitHub code search for direct mentions.
Google dork
"CVE-2026-8500" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (4)
CVE-2026-85004 repos
openlegion-ai/openlegionPython
Secure autonomous AI agent framework and platform. Build AI teams by describing what you want. Orchestrate agents that can do everything a human can do.
onewinner/Lightxunknown
Lightx 是一款轻量级、高效率的网络安全扫描工具,专为安全研究人员和渗透测试工程师设计。它集成了端口扫描、服务识别、Web指纹识别、漏洞扫描和弱口令检测等功能,提供全面的安全评估能力。并覆盖多数两高一弱场景。
mrwhite4939/mrwhite4939unknown
mccright/referencesunknown
Collection of reusable references