[FALSE-POSITIVE] ...CVE-2026-25892.yaml

[canaliozdemir]

Template IDs or paths

- ...
http/cves/2026/CVE-2026-25892.yaml

Environment

- OS: 
- Nuclei: 
- Go:

Steps To Reproduce

nuclei -t cve-2026-25892.yaml -u 127.0.0.1:8080

Relevant dumped responses

Anything else?

First of all, I would like to thank the person who created this YAML. As a result of my tests, I noticed some significant shortcomings. Firstly, when I tried to extract the version using the extractor after identifying the product, I saw that some version information was missing, for example, version 5.4.1.

For this;

extractors:

• type: regex
  name: version
  part: body
  group: 1
  regex:
• '([0-9.]+)'
• 'amp;version=([0-9.]+)'

I suggest a correction.

Secondly;

The compare version condition written to the type dsl in matchers works as two different conditions, and the first condition => for 4.6.2, provides a product with version 5.4.2, thus printing a vulnerable 5.4.2 product, which is a serious error.

For this;
compare_versions(version, '>=4.6.2', '<=5.4.1')
I suggest a correction.

[DhiyaneshGeek]

Hi @canaliozdemir

Thanks for raising the issue , we have fixed the issue and raised PR for the same #15462

Let us know if these changes works 😄

[canaliozdemir]

hi, @DhiyaneshGeek

you should fix extractors part too, like below.

thank you :)

extractors:
- type: regex
name: version
part: body
group: 1
regex:
- '([0-9.]+)'
- 'amp;version=([0-9.]+)'

[DhiyaneshGeek]

Hi @canaliozdemir

i have fixed it now cd0c600