Researchers disclosed CVE-2026-27654, a heap buffer overflow in NGINX's ngx_http_dav_copy_move_handler() that affects deployments compiled with ngx_http_dav_module and configured with alias alongside WebDAV COPY or MOVE methods. The bug stems from an unsigned underflow in ngx_http_map_uri_to_path() when a Destination header is shorter than the location prefix, allowing WebDAV root escape and arbitrary file read or write within the worker process's filesystem permissions. Calif.io said it developed multiple proof-of-concept exploits with AI assistance, including variants that could copy sensitive files such as /etc/passwd into attacker-accessible locations and write files through PUT and COPY, while noting that human researchers were needed to turn the initial AI-generated crash into a practical exploit chain.
F5 and the NGINX security team were notified in March and released a fix in NGINX 1.29.7 with advisory K000160382, while Calif later published PoC materials on GitHub describing the work as AI-generated and human-verified. Separately, Nebula Security reported a distinct NGINX zero-day dubbed nginx-poolslip, describing remote code execution in dynamic variable parsing paths affecting NGINX 1.31.0 and claiming its autonomous AI agent discovered the flaw; the report said technical details were initially withheld during disclosure and that NGINX 1.31.1 was later released as the patch. Together, the disclosures underscore a rapid cycle in which AI-assisted research is producing crash reproduction, exploit development, and fresh vulnerability claims against widely deployed NGINX code.

7 events from the most recent confirmed update back to the earliest known activity.
According to the report, NGINX later released version 1.31.1 to patch the nginx-poolslip vulnerability. The issue was described as affecting both NGINX Open Source and NGINX Plus because they share the same core codebase.
Nebula Security disclosed an NGINX remote code execution zero-day dubbed nginx-poolslip, reportedly affecting NGINX 1.31.0. The company said no CVE had yet been assigned and that technical details were being withheld during a 30-day responsible disclosure window while F5 worked on a fix.
The Calif GitHub repository for CVE-2026-27654 was updated with a human-written blog post and README refresh. The repository continued to present the PoCs as AI-generated and human-verified.
Calif.io published a detailed analysis of CVE-2026-27654 describing multiple proof-of-concept exploits, including arbitrary file write and more practical arbitrary file read variants. The associated repository indicates the PoC directories were added the same day.
On the same day the fix became public, an AI-powered commit watcher independently derived a crashing proof of concept from the patch commit. The writeup cites this as evidence that AI is shrinking the time between patch release and exploit reproduction.
F5/NGINX released nginx 1.29.7 and advisory K000160382 to address CVE-2026-27654. The fix closed the heap buffer overflow in ngx_http_dav_copy_move_handler() caused by an unsigned underflow in ngx_http_map_uri_to_path().
Calif.io researchers reported a heap buffer overflow in nginx's WebDAV COPY/MOVE handling to F5 and the NGINX security team. The flaw affected configurations using ngx_http_dav_module with alias and could enable WebDAV root escape for arbitrary file read or write within worker process permissions.
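One way to check an nginx configuration for the affected combination described above (alias in a location where WebDAV COPY or MOVE is enabled), as an added example that is not from the original page, Calif.io, or F5. The parser is a simplified sketch: it assumes no quoted strings or regex locations containing braces or semicolons, does not follow include directives, and runs on a constructed sample config.

```python
import re

# Constructed sample config (not from the page or any real deployment).
SAMPLE_CONF = """
server {
    dav_methods PUT DELETE;
    location /files/ {
        alias /srv/dav/;
        dav_methods PUT COPY MOVE;
    }
    location /static/ {
        alias /srv/static/;   # inherits PUT DELETE only
    }
}
"""

def tokenize(text):
    """Drop comments, then split into words and the structural tokens { } ;"""
    return re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))

def find_risky_locations(text):
    """Return (location, alias path, methods) where alias meets COPY/MOVE."""
    blocks = [{"name": "main", "parent": None, "dav": None, "alias": None}]
    cur, stmt = 0, []
    for tok in tokenize(text):
        if tok == "{":
            blocks.append({"name": " ".join(stmt), "parent": cur, "dav": None, "alias": None})
            cur, stmt = len(blocks) - 1, []
        elif tok == "}":
            cur, stmt = blocks[cur]["parent"] or 0, []
        elif tok == ";":
            if stmt[:1] == ["dav_methods"]:
                blocks[cur]["dav"] = {m.upper() for m in stmt[1:]} - {"OFF"}
            elif stmt[:1] == ["alias"] and len(stmt) > 1:
                blocks[cur]["alias"] = stmt[1]
            stmt = []
        else:
            stmt.append(tok)
    findings = []
    for blk in blocks:
        node = blk  # dav_methods is inherited: walk up to the nearest block that sets it
        while node["dav"] is None and node["parent"] is not None:
            node = blocks[node["parent"]]
        hit = (node["dav"] or set()) & {"COPY", "MOVE"}
        if blk["name"].startswith("location") and blk["alias"] and hit:
            findings.append((blk["name"], blk["alias"], sorted(hit)))
    return findings

if __name__ == "__main__":
    for name, alias, methods in find_risky_locations(SAMPLE_CONF):
        print(f"{name}: alias {alias} with dav_methods {' '.join(methods)}")
```

A flagged location matters only if the binary was built with ngx_http_dav_module; compare the running version against the fixed release the page names, 1.29.7.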
3 references tracked:
thecybersecguru.com
github.com
blog.calif.io