Brut Security
Queries: @wtf_brut
🛃WhatsApp: wa.link/brutsecurity
🈴Training: brutsec.com
📨E-mail: [email protected]
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit

Unauthenticated to Root RCE:
- LFI via Content-Type confusion
- Read /proc/self/environ to find HOME
- Steal encryption key + database
- Forge admin JWT token
- Expression injection sandbox bypass
- RCE as root

CVSS 10.0

https://github.com/Chocapikk/CVE-2026-21858
Hello everyone, DarkShadow is back.

I want to clarify one important thing:

Quality or Quantity?

In my opinion, quality always matters more than quantity.

I focus on sharing content that actually matters, even if it takes time.
Your understanding and support are always appreciated.❤️
Guys, check out my new post on our BugBounty POC channel 👇🏼

Bug: passive vertical privilege escalation
Severity: 9.8 (critical)

https://t.iss.one/brutsecurity_poc/220
🆘CVE-2026-21440: A critical path traversal vulnerability affecting the AdonisJS framework, specifically its multipart file upload handling.

➡️PoC Exploit: https://github.com/Ashwesker/Ashwesker-CVE-2026-21440
Hey Hunters,

Do you guys want to learn about how "Google Authenticator" actually works? And how we can bypass it...

If you guys are interested, I'll share a detailed write-up about the workflow and the bypass method of Google Authenticator 2FA.

Share your opinion here @brutsec

~DarkShadow
🚨 Brut Security | Feb 2026 – Enrollments Open 🚨

Ready to step into cybersecurity the right way?

🔥 Courses Available
• Ethical Hacking
• Web Penetration Testing
• Bug Bounty Hunting
• SOC / SIEM (Blue Team)

💻 Live training + practical labs
🧠 Real-world attack & defense mindset
🎯 Limited seats only

📅 Batch Starts: February 2026

If you’re serious about skills, not certificates — this is for you.

📩 DM Brut Security to enroll
Argus: A Python-based toolkit for Information Gathering & Reconnaissance #OSINT

GitHub: github.com/jasonxtn/Argus
Hey Hunters,
DarkShadow is back here again!

Hunting backups is an underestimated vulnerability which is missed by many bug bounty hunters.

Find API endpoints by reading JS or API documentation (if available). Then play with various request methods (e.g. GET, POST).

Also, you might use this simple and effective wordlist that I've provided:

/api/v1/backup/create
/api/v1/backup/export
/api/v1/backup/download/{id}
/api/v1/backup/restore
/api/v1/backup/schedule
/api/v1/backup/config
/api/setup/backup
/api/admin/system/backup/run
/api/manage/backup/snapshot
/api/settings/maintenance/backup
/api/system/export-data
/api/db/backup/start
/api/db/dump
/api/v1/database/snapshot
/api/v1/sql/backup
/api/v1/storage/archive
/api/v1/sync/backup
/api/v1/volumes/{id}/snapshot
/api/v1/backups/checkpoints




Guys, I'll soon upload a detailed write-up about "Google Authenticator" workflow fundamentals and the chain reaction for bypassing it. Until then, show your love ❤️

#bugbountytips #missconfig
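
A defender-side check for the backup-endpoint post above, as an added example that is not part of the original post: it matches web access-log lines against the post's routes and reports anonymous 2xx responses plus clients probing several route/method pairs. The sample log lines are constructed, and it assumes combined log format with the authenticated principal recorded in the user field.

```python
import re
from collections import defaultdict

# Routes copied from the post's wordlist; "{id}" matches any single path segment.
ROUTES = """
/api/v1/backup/create /api/v1/backup/export /api/v1/backup/download/{id}
/api/v1/backup/restore /api/v1/backup/schedule /api/v1/backup/config
/api/setup/backup /api/admin/system/backup/run /api/manage/backup/snapshot
/api/settings/maintenance/backup /api/system/export-data /api/db/backup/start
/api/db/dump /api/v1/database/snapshot /api/v1/sql/backup /api/v1/storage/archive
/api/v1/sync/backup /api/v1/volumes/{id}/snapshot /api/v1/backups/checkpoints
""".split()
ROUTE_RE = [(r, re.compile("^" + re.escape(r).replace(r"\{id\}", "[^/]+") + "/?$"))
            for r in ROUTES]
LINE_RE = re.compile(r'(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def match_route(path):
    path = path.split("?", 1)[0]  # ignore the query string
    return next((route for route, rx in ROUTE_RE if rx.match(path)), None)

def analyze(lines, scan_threshold=3):
    exposed, probes = [], defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        route = match_route(m.group(4)) if m else None
        if route is None:
            continue
        ip, user, method, _, status = m.groups()
        probes[ip].add((method, route))
        # 2xx with no authenticated principal: the route answered an anonymous caller.
        if user == "-" and status.startswith("2"):
            exposed.append((ip, method, route, int(status)))
    scanners = sorted(ip for ip, seen in probes.items() if len(seen) >= scan_threshold)
    return exposed, scanners

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Feb/2026:10:00:01 +0000] "GET /api/v1/backup/config HTTP/1.1" 401 23',
    '203.0.113.7 - - [10/Feb/2026:10:00:02 +0000] "POST /api/v1/backup/config HTTP/1.1" 401 23',
    '203.0.113.7 - - [10/Feb/2026:10:00:03 +0000] "GET /api/db/dump HTTP/1.1" 200 48211',
    '198.51.100.4 - alice [10/Feb/2026:10:05:00 +0000] "GET /api/v1/backup/download/42?x=1 HTTP/1.1" 200 9000',
    '198.51.100.4 - alice [10/Feb/2026:10:06:00 +0000] "GET /api/v1/users HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Any entry in the first list is a backup route that should be placed behind authentication and authorization; the second list is a candidate for rate limiting or alerting.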