EIP-2026-101903

PRE-CVE

OpenFiler 2.99.1 - Arbitrary Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101903. PoCs published by Dolev Farhi.

AI-analyzed exploit summary This exploit demonstrates arbitrary code execution in Openfiler 2.99.1 by injecting shell commands via the hostname field in the system settings. The Python script automates authentication and payload delivery to execute commands wrapped in backticks.

Description

OpenFiler 2.99.1 - Arbitrary Code Execution

Exploits (1)

exploitdb WORKING POC

by Dolev Farhi · textwebappshardware

https://www.exploit-db.com/exploits/33247

View Code ZIP pw:eip

This exploit demonstrates arbitrary code execution in Openfiler 2.99.1 by injecting shell commands via the hostname field in the system settings. The Python script automates authentication and payload delivery to execute commands wrapped in backticks.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Openfiler 2.99.1

Auth required

Prerequisites: Valid credentials for Openfiler dashboard · Network access to the Openfiler web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026