EIP-2026-100549

PRE-CVE

Sitecore CMS 6.4.1 - 'url' Open Redirection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100549. PoCs published by Tom Neaves.

AI-analyzed exploit summary The code describes a URI-redirection vulnerability in Sitecore CMS due to improper input sanitization. It provides a proof-of-concept URL that demonstrates the vulnerability by redirecting users to an arbitrary site.

Description

Sitecore CMS 6.4.1 - 'url' Open Redirection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tom Neaves · textwebappsasp

https://www.exploit-db.com/exploits/36001

View Code ZIP pw:eip

The code describes a URI-redirection vulnerability in Sitecore CMS due to improper input sanitization. It provides a proof-of-concept URL that demonstrates the vulnerability by redirecting users to an arbitrary site.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Sitecore CMS versions 6.4.1 rev. 110324 and prior

No auth needed

Prerequisites: A vulnerable version of Sitecore CMS · User interaction to click on a malicious link

MITRE ATT&CK

T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026