EIP-2026-104358

PRE-CVE

Nginx 0.6.x - Arbitrary Code Execution NullByte Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104358. PoCs published by Neal Poole.

AI-analyzed exploit summary This exploit describes a null byte injection vulnerability in older versions of nginx (0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37) that allows arbitrary code execution by appending %00.php to a URI, bypassing FastCGI module restrictions. The proof of concept demonstrates how null bytes can be injected into URIs to exploit the vulnerability.

Description

Nginx 0.6.x - Arbitrary Code Execution NullByte Injection

Exploits (1)

exploitdb WRITEUP VERIFIED
by Neal Poole · textwebappsmultiple
https://www.exploit-db.com/exploits/24967

This exploit describes a null byte injection vulnerability in older versions of nginx (0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37) that allows arbitrary code execution by appending %00.php to a URI, bypassing FastCGI module restrictions. The proof of concept demonstrates how null bytes can be injected into URIs to exploit the vulnerability.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: nginx versions 0.5.*, 0.6.*, 0.7 <= 0.7.65, 0.8 <= 0.8.37
No auth needed
Prerequisites: Vulnerable version of nginx · FastCGI module enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026