EIP-2026-101324

PRE-CVE

iPhone Guitar - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101324. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in iPhone Guitar software, allowing unauthorized access to sensitive files on an iOS device. The script uses URL encoding to traverse directories and retrieve files such as the address book, Safari data, and system files.

Description

iPhone Guitar - Directory Traversal

Exploits (1)

exploitdb WORKING POC

by Khashayar Fereidani · textremotehardware

https://www.exploit-db.com/exploits/16239

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in iPhone Guitar software, allowing unauthorized access to sensitive files on an iOS device. The script uses URL encoding to traverse directories and retrieve files such as the address book, Safari data, and system files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: iPhone Guitar (IOS 4.0.1)

No auth needed

Prerequisites: Network access to the vulnerable iPhone Guitar service · Service running on the target device

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026