EIP-2026-101485

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101485. PoCs published by Ivan Huertas.

AI-analyzed exploit summary This exploit demonstrates arbitrary file download and upload vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance. The download section shows directory traversal to fetch /etc/passwd, while the upload section demonstrates arbitrary file upload leading to remote code execution via a JSP webshell.

Description

Trend Micro Interscan Web Security Virtual Appliance - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ivan Huertas · textremotehardware

https://www.exploit-db.com/exploits/34184

View Code ZIP pw:eip

This exploit demonstrates arbitrary file download and upload vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance. The download section shows directory traversal to fetch /etc/passwd, while the upload section demonstrates arbitrary file upload leading to remote code execution via a JSP webshell.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Trend Micro InterScan Web Security Virtual Appliance (firmware versions prior to Critical Build 1386)

Auth required

Prerequisites: Network access to the target appliance · Valid JSESSIONID cookie

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Trend Micro Interscan Web Security Virtual Appliance - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details