How to verify CVE-2026-54157

Confirm whether your systems are actually affected — run the detection command below for a yes/no answer.

How to verify this vulnerability

Scanner data tells you how to confirm whether your systems are actually affected — not just that the CVE exists. Run a Nuclei template against your target for a yes/no answer in seconds.

What's a Nuclei template? Nuclei is a free, open-source scanner. A template is a small YAML rule that probes a target and reports whether it's vulnerable. Runs locally, no agent.

Nuclei template (1)
Detection command
References & advisories

1 · AUTOMATEDDetection command

nuclei -id CVE-2026-54157 -u https://your-target -rl 50 -timeout 10

Runs against your own host. Don't have Nuclei? Install guide ↗

1 Nuclei template

mediumOfficialVerifiedhttpLobeHub LobeChat <= 2.1.56 - Server-Side Request ForgeryGitHub ↗

Find every CVE you can verify

Search the whole database by Nuclei coverage — filter by vendor, severity and KEV to build a verification list for your entire stack.

Filter all CVEs that ship a Nuclei template
Combine with vendor, severity & KEV
Build a scan list across your stack

Browse verifiable CVEs — Free

This template is on GitHub already — an account lets you search and filter every CVE that has one, not just this CVE.

Want us to check this for you?

Request a complimentary external exposure review — we'll look for this and more across your domain.

Request free review

Nuclei References

Latest high-severity CVEs you can verify

Newest critical/high vulnerabilities that ship a Nuclei template.

CVE-2026-541579.0◎ 1

LobeHub: Unauthenticated SSRF in `/webapi/proxy`

CVE-2025-691897.3◎ 1

WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability

CVE-2024-329498.3◎ 1

WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability

CVE-2024-327297.5◎ 1

WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability

CVE-2025-310137.1◎ 8

WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability

CVE-2026-223438.6◎ 1

WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

CVE-2026-223428.8◎ 1

WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability

CVE-2026-223409.3◎ 1

WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

Trending CVEs to verify now

What the security world is discussing right now — and can be checked with Nuclei.

CVE-2026-20253↑ trendingKEV◎ 1

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

CVE-2026-4020↑ trending◎ 1

Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API

CVE-2026-48907↑ trendingKEV◎ 1

Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

CVE-2023-3519↑ trendingKEV◎ 1

Unauthenticated remote code execution

CVE-2025-24813↑ trendingKEV◎ 1

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

CVE-2025-5777↑ trendingKEV◎ 1

NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread

CVE-2023-48788↑ trendingKEV◎ 1

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to...

CVE-2024-57727↑ trendingKEV◎ 1

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the Simpl...