EIP-2026-100970

PRE-CVE

McAfee Email Gateway - Web Administration Broken Access Control

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100970. PoCs published by Nahuel Grisolia.

AI-analyzed exploit summary This advisory describes a broken access control vulnerability in McAfee Email Gateway (formerly IronMail) version 6.7.1, allowing Web Access users with Write rights to execute arbitrary actions due to improper profile checks. The vulnerability is local and requires authentication.

Description

McAfee Email Gateway - Web Administration Broken Access Control

Exploits (1)

exploitdb WRITEUP VERIFIED
by Nahuel Grisolia · textwebappsfreebsd
https://www.exploit-db.com/exploits/12658

This advisory describes a broken access control vulnerability in McAfee Email Gateway (formerly IronMail) version 6.7.1, allowing Web Access users with Write rights to execute arbitrary actions due to improper profile checks. The vulnerability is local and requires authentication.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: McAfee Email Gateway (formerly IronMail) ver.6.7.1
Auth required
Prerequisites: Access to Web Access user account with Write rights
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026