EIP-2026-102495

This exploit leverages an unauthenticated directory traversal vulnerability in ManageEngine DeviceExpert 5.6's ScheduleResultViewer servlet to disclose arbitrary files, including authentication credentials and database backups. The PoC demonstrates file retrieval via crafted HTTP requests to the servlet.