EIP-2026-102415

PRE-CVE

Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102415. PoCs published by BuherÃ¡tor.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Oracle NoSQL 11g 1.1.100 R2, allowing an attacker to read arbitrary local files by manipulating the 'log' parameter in the LogDownloadService endpoint.

Description

Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal

Exploits (1)

exploitdb WORKING POC

by BuherÃ¡tor · textwebappsjava

https://www.exploit-db.com/exploits/36292

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Oracle NoSQL 11g 1.1.100 R2, allowing an attacker to read arbitrary local files by manipulating the 'log' parameter in the LogDownloadService endpoint.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Oracle NoSQL 11g 1.1.100 R2

No auth needed

Prerequisites: Network access to the vulnerable Oracle NoSQL instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026