EIP-2026-100770

PRE-CVE

Cgiemail 1.6 - Source Code Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100770. PoCs published by Finbar Crago.

AI-analyzed exploit summary This Perl script exploits a local file inclusion vulnerability in cgiemail (version 1.6 and older) by leveraging the cgiecho script to disclose files under the web root. It automates the process of guessing variable names or numbers within square brackets in the target file.

Description

Cgiemail 1.6 - Source Code Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Finbar Crago · perlwebappscgi

https://www.exploit-db.com/exploits/40571

View Code ZIP pw:eip

This Perl script exploits a local file inclusion vulnerability in cgiemail (version 1.6 and older) by leveraging the cgiecho script to disclose files under the web root. It automates the process of guessing variable names or numbers within square brackets in the target file.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: cgiemail 1.6 and older

No auth needed

Prerequisites: Target must have cgiemail installed with cgiecho accessible · Target file must contain guessable square bracket variables

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026