EIP-2026-100476
PRE-CVEPD9 Software MegaBBS 2.0/2.1 - 'thread-post.asp' Multiple Header CRLF Injections
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100476. PoCs published by pigrelax.
AI-analyzed exploit summary The exploit demonstrates HTTP response splitting and SQL injection vulnerabilities in MegaBBS versions 2.0 and 2.1. It leverages insufficient input sanitization to inject malicious HTTP headers and responses.
Description
PD9 Software MegaBBS 2.0/2.1 - 'thread-post.asp' Multiple Header CRLF Injections
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by pigrelax · textwebappsasp
https://www.exploit-db.com/exploits/24631
The exploit demonstrates HTTP response splitting and SQL injection vulnerabilities in MegaBBS versions 2.0 and 2.1. It leverages insufficient input sanitization to inject malicious HTTP headers and responses.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
MegaBBS 2.0, 2.1
No auth needed
Prerequisites:
Access to the target MegaBBS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026