EIP-2026-101174

PRE-CVE

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101174. PoCs published by Benjamin Kunz Mejri.

AI-analyzed exploit summary This exploit demonstrates persistent HTML injection vulnerabilities in Barracuda Email Security Service. It shows how an attacker can inject malicious HTML and script code into the 'Directory Services' and 'Reports' modules, potentially leading to cookie theft or rendering control.

Description

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Benjamin Kunz Mejri · textremotehardware

https://www.exploit-db.com/exploits/37564

View Code ZIP pw:eip

This exploit demonstrates persistent HTML injection vulnerabilities in Barracuda Email Security Service. It shows how an attacker can inject malicious HTML and script code into the 'Directory Services' and 'Reports' modules, potentially leading to cookie theft or rendering control.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Barracuda Email Security Service 2.0.2

Auth required

Prerequisites: Privileged user account · Access to vulnerable modules

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026