EIP-2026-100171

PRE-CVE

BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100171. PoCs published by Deniz Cevik.

AI-analyzed exploit summary The exploit demonstrates a directory traversal and information disclosure vulnerability in BlogEngine.NET 1.6 via crafted SOAP requests. It allows arbitrary file reads and potential file uploads by manipulating the 'source' and 'destination' parameters.

Description

BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Deniz Cevik · textwebappsasp

https://www.exploit-db.com/exploits/35168

View Code ZIP pw:eip

The exploit demonstrates a directory traversal and information disclosure vulnerability in BlogEngine.NET 1.6 via crafted SOAP requests. It allows arbitrary file reads and potential file uploads by manipulating the 'source' and 'destination' parameters.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: BlogEngine.NET 1.6

No auth needed

Prerequisites: Network access to the BlogEngine.NET SOAP endpoint

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026