CVE-2018-8096

CRITICAL

Datalust Seq <4.2.605 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8096. PoCs published by Daniel Chactoura.

AI-analyzed exploit summary This exploit bypasses authentication in Seq versions <= 4.2.476 by sending a PUT request to disable authentication settings. It first verifies the target version before attempting the bypass.

Description

Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request.

Exploits (1)

exploitdb WORKING POC

by Daniel Chactoura · pythonwebappswindows

https://www.exploit-db.com/exploits/45136

View Code ZIP pw:eip

This exploit bypasses authentication in Seq versions <= 4.2.476 by sending a PUT request to disable authentication settings. It first verifies the target version before attempting the bypass.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Seq <= 4.2.476

No auth needed

Prerequisites: Target must be running a vulnerable version of Seq · Network access to the target's API endpoint

MITRE ATT&CK

T1556.004 - Network Device Authentication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/datalust/seq-tickets/issues/675

Exploit, Technical Description, Third Party Advisory x_refsource_misc

https://medium.com/stolabs/bypass-admin-authentication-on-seq-17f0f9e02732

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45136/

Scores

CVSS v3 9.8

EPSS 0.5006

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

datalust/seq < 4.2.605

Published Mar 14, 2018

Tracked Since Feb 18, 2026