← All posts
#

bcrypt

1 post

HTB Snapped (Hard): CVE-2026-27944, bcrypt, and Two Paths to Root via PackageKit and snap-confine
HTB · Hard

HTB Snapped (Hard): CVE-2026-27944, bcrypt, and Two Paths to Root via PackageKit and snap-confine

From an unauthenticated Nginx UI backup disclosure (CVE-2026-27944), a bcrypt hash is cracked to gain user access. Privilege escalation is possible via either CVE-2026-41651 (PackageKit TOCTOU) or the intended race condition in snap-confine (CVE-2026-3888).

09 Jun 2026 Hard