EIP-2026-100755
PRE-CVEBasiliX Webmail 1.1 - Email Header HTML Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100755. PoCs published by Roman Medina-Heigl Hernandez.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in BasiliX Webmail due to improper sanitization of email header strings. It allows an attacker to inject malicious scripts to steal cookie-based authentication credentials.
Description
BasiliX Webmail 1.1 - Email Header HTML Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Roman Medina-Heigl Hernandez · textwebappscgi
https://www.exploit-db.com/exploits/24254
This exploit demonstrates an HTML injection vulnerability in BasiliX Webmail due to improper sanitization of email header strings. It allows an attacker to inject malicious scripts to steal cookie-based authentication credentials.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
BasiliX Webmail
No auth needed
Prerequisites:
Ability to send crafted email headers to a victim using BasiliX Webmail
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026