EIP-2026-102477

PRE-CVE

Desktop Central 9.1.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102477. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary The exploit demonstrates CRLF injection and SSRF vulnerabilities in ManageEngine Desktop Central 9.1.0. The CRLF injection allows arbitrary HTTP header injection via the fileName parameter, while the SSRF can be used to probe internal resources or trigger malicious requests.

Description

Desktop Central 9.1.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Rafael Pedrero · textwebappsjsp

https://www.exploit-db.com/exploits/51082

View Code ZIP pw:eip

The exploit demonstrates CRLF injection and SSRF vulnerabilities in ManageEngine Desktop Central 9.1.0. The CRLF injection allows arbitrary HTTP header injection via the fileName parameter, while the SSRF can be used to probe internal resources or trigger malicious requests.

Classification

Working Poc 90%

Attack Type

Ssrf | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine Desktop Central 9.1.0 (Build No: 91084)

Auth required

Prerequisites: Network access to the target · Valid session cookies for authenticated SSRF exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1090 - Proxy

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026