EIP-2026-100233

PRE-CVE

CPaint 1.3 - xmlhttp Request Input Validation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100233. PoCs published by Thor Larholm.

AI-analyzed exploit summary The exploit demonstrates an input validation vulnerability in CPAINT, allowing arbitrary code execution via crafted URLs. The PoC shows how malicious scripts can be injected through the 'cpaint_argument' parameter.

Description

CPaint 1.3 - xmlhttp Request Input Validation

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thor Larholm · textwebappsasp

https://www.exploit-db.com/exploits/26156

View Code ZIP pw:eip

The exploit demonstrates an input validation vulnerability in CPAINT, allowing arbitrary code execution via crafted URLs. The PoC shows how malicious scripts can be injected through the 'cpaint_argument' parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CPAINT (version not specified)

No auth needed

Prerequisites: Access to the target server's URL

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026