Skip to content

Add vpatch-CVE-2026-8037 rule and test#58

Open
crowdsec-automation wants to merge 4 commits into
masterfrom
1783515343-vpatch-CVE-2026-8037
Open

Add vpatch-CVE-2026-8037 rule and test#58
crowdsec-automation wants to merge 4 commits into
masterfrom
1783515343-vpatch-CVE-2026-8037

Conversation

@crowdsec-automation

Copy link
Copy Markdown

This rule targets unauthenticated OS command injection in Progress ADC LoadMaster (CVE-2026-8037). The attack is performed by sending a POST request to the /accessv2 endpoint with a JSON body containing parameters like g0, g1, etc., where the value includes a command injection pattern such as '; cat /etc/passwd #.

  • The first rule block matches requests to the /accessv2 endpoint, using a case-insensitive comparison.
  • The second rule block inspects the JSON body arguments named g0 through g9 (covering the most likely used parameters in real-world attacks, as the exploit uses a large set of such parameters). It applies lowercase and urldecode transforms to ensure normalization and case insensitivity.
  • The match looks for the substring '; which is a strong indicator of command injection attempts in this context.
  • The labels section includes the CVE, ATT&CK, and CWE references, and the product/vuln class label is formatted as required.

The test nuclei template is reduced to a single parameter (g0) for clarity and efficiency, and the matcher only checks for a 403 status code, as per the guidelines.

Validation Checklist:

  • All value: fields are lowercase.
  • All relevant transforms include lowercase.
  • No match.value contains capital letters.
  • The rule uses contains instead of regex where applicable.

Exploit URL: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-8037.yaml

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2026-8037 🔴

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants