Hack The Box - Snapped Writeup
Machine: Snapped
Difficulty: Hard
OS: Linux

Overview

Snapped is a hard-difficulty Linux machine that chains two recent CVEs to go from CVE-2026-27944 — Nginx-UI unauthenticated backup endpoint that returns its own decryption key, leaking credentials from the internal database. CVE-202
Original source: Dev.to