EIP-2026-102468

PRE-CVE

Cloupia End-to-end FlexPod Management - Directory Traversal

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102468. PoCs published by Chris Rock.

AI-analyzed exploit summary This advisory describes a directory traversal vulnerability in Cloupia's jQuery File Tree implementation, allowing unauthenticated remote attackers to browse the host server's file system. The provided code snippet is a JSP connector for jQuery File Tree, which lacks proper input validation on the 'dir' parameter.

Description

Cloupia End-to-end FlexPod Management - Directory Traversal

Exploits (1)

exploitdb WRITEUP
by Chris Rock · textwebappsjsp
https://www.exploit-db.com/exploits/18373

This advisory describes a directory traversal vulnerability in Cloupia's jQuery File Tree implementation, allowing unauthenticated remote attackers to browse the host server's file system. The provided code snippet is a JSP connector for jQuery File Tree, which lacks proper input validation on the 'dir' parameter.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Cloupia End-to-end FlexPod Management
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026