EIP-2026-100382

PRE-CVE

JSFTemplating / Mojarra Scales / GlassFish - File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100382. PoCs published by SEC Consult.

AI-analyzed exploit summary This advisory details a file disclosure vulnerability in JSFTemplating, Mojarra Scales, and GlassFish Application Server v3 Admin console, allowing attackers to read sensitive files and directory listings via crafted HTTP requests. The vulnerability is due to improper input validation in the FileStreamer/PhaseListener component.

Description

JSFTemplating / Mojarra Scales / GlassFish - File Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by SEC Consult · textwebappsasp

https://www.exploit-db.com/exploits/9562

View Code ZIP pw:eip

This advisory details a file disclosure vulnerability in JSFTemplating, Mojarra Scales, and GlassFish Application Server v3 Admin console, allowing attackers to read sensitive files and directory listings via crafted HTTP requests. The vulnerability is due to improper input validation in the FileStreamer/PhaseListener component.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: JSFTemplating (< v1.2.11), Mojarra Scales (< v1.3.2), GlassFish Application Server v3 Preview

No auth needed

Prerequisites: Access to the vulnerable application's URL endpoints

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026