EIP-2026-102236

PRE-CVE

Flux Player 3.1.0 iOS - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102236. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The exploit demonstrates a file include and arbitrary file upload vulnerability in Flux Player v3.1.0 iOS. It shows how an attacker can upload files with manipulated names or multiple extensions to bypass validation and execute unauthorized file access or path traversal.

Description

Flux Player 3.1.0 iOS - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/26953

View Code ZIP pw:eip

The exploit demonstrates a file include and arbitrary file upload vulnerability in Flux Player v3.1.0 iOS. It shows how an attacker can upload files with manipulated names or multiple extensions to bypass validation and execute unauthorized file access or path traversal.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Flux Player v3.1.0 iOS

No auth needed

Prerequisites: Network access to the vulnerable application · Ability to send crafted HTTP requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026