CVE-2026-27384

CRITICAL

W3 Total Cache <=2.9.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-27384. PoCs published by xxconi.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-27384, targeting W3 Total Cache <= 2.9.1. The exploit leverages a bypass in the `preg_quote()` function and inconsistent regex patterns to achieve unauthenticated remote code execution via the `mfunc` dynamic fragment caching feature.

Description

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.

Exploits (1)

github WORKING POC
by xxconi · pythonpoc
https://github.com/xxconi/CVE-2026-27384

This repository contains a functional exploit for CVE-2026-27384, targeting W3 Total Cache <= 2.9.1. The exploit leverages a bypass in the `preg_quote()` function and inconsistent regex patterns to achieve unauthenticated remote code execution via the `mfunc` dynamic fragment caching feature.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: W3 Total Cache <= 2.9.1
No auth needed
Prerequisites: W3 Total Cache plugin installed and activated · Dynamic Fragment Caching enabled · W3TC_DYNAMIC_SECURITY token containing a regex metacharacter
devstral-2 · analyzed May 26, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 9.0
EPSS 0.0030
EPSS Percentile 21.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1284
Status published
Products (1)
BoldGrid/W3 Total Cache < 2.9.1
Published Mar 05, 2026
Tracked Since Mar 05, 2026