EIP-2026-102447

PRE-CVE

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102447. PoCs published by Rafael Cintra Lopes.

AI-analyzed exploit summary: This script uses Selenium to test for a UI misrepresentation vulnerability in Swagger UI by injecting external configuration URLs and logging network requests. It checks if the target application loads arbitrary external configurations, indicating potential vulnerability.

Description

Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information

Exploits (1)

exploitdb · SCANNER
by Rafael Cintra Lopes · text · webapps · json
https://www.exploit-db.com/exploits/51379

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Swagger UI < 4.1.3
No auth needed
Prerequisites: Selenium with Chrome WebDriver · Access to the target Swagger UI instance
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026