EIP-2026-100354

PRE-CVE

HttpCombiner ASP.NET - Remote File Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100354. PoCs published by Le Ngoc Son.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in HttpCombiner ASP.NET. The vulnerability allows remote attackers to read arbitrary files, such as web.config, by manipulating the 's' parameter in the HttpCombiner.ashx handler.

Description

HttpCombiner ASP.NET - Remote File Disclosure

Exploits (1)

exploitdb WRITEUP
by Le Ngoc Son · textwebappsasp
https://www.exploit-db.com/exploits/34920

This is a writeup describing an information disclosure vulnerability in HttpCombiner ASP.NET. The vulnerability allows remote attackers to read arbitrary files, such as web.config, by manipulating the 's' parameter in the HttpCombiner.ashx handler.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: HttpCombiner v1.0
No auth needed
Prerequisites: Target must have HttpCombiner.ashx exposed and accessible
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026