Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-100758. PoCs published by Jason Frisvold.
AI-analyzed exploit summary This exploit demonstrates a mail relay vulnerability in Biz Mail Form by injecting arbitrary SMTP headers using CR and LF sequences. It allows an attacker to send emails to arbitrary recipients by manipulating form input.
Description
Biz Mail Form 2.x - Unauthorized Mail Relay
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jason Frisvold · textwebappscgi
https://www.exploit-db.com/exploits/25147
This exploit demonstrates a mail relay vulnerability in Biz Mail Form by injecting arbitrary SMTP headers using CR and LF sequences. It allows an attacker to send emails to arbitrary recipients by manipulating form input.
Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
Biz Mail Form (including version 2.2)
No auth needed
Prerequisites:
Access to the vulnerable Biz Mail Form web interface
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026