EIP-2026-100758

PRE-CVE

Biz Mail Form 2.x - Unauthorized Mail Relay

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100758. PoCs published by Jason Frisvold.

AI-analyzed exploit summary This exploit demonstrates a mail relay vulnerability in Biz Mail Form by injecting arbitrary SMTP headers using CR and LF sequences. It allows an attacker to send emails to arbitrary recipients by manipulating form input.

Description

Biz Mail Form 2.x - Unauthorized Mail Relay

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jason Frisvold · textwebappscgi
https://www.exploit-db.com/exploits/25147

This exploit demonstrates a mail relay vulnerability in Biz Mail Form by injecting arbitrary SMTP headers using CR and LF sequences. It allows an attacker to send emails to arbitrary recipients by manipulating form input.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Biz Mail Form (including version 2.2)
No auth needed
Prerequisites: Access to the vulnerable Biz Mail Form web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026