EIP-2026-102513

PRE-CVE

NXFilter 3.0.3 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102513. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates a CSRF vulnerability in NXFilter v3.0.3, allowing arbitrary actions such as adding users, modifying SMTP settings, and manipulating domain configurations via crafted HTML forms. It includes functional PoC code for multiple attack vectors, including persistent XSS.

Description

NXFilter 3.0.3 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textwebappsjsp

https://www.exploit-db.com/exploits/38645

View Code ZIP pw:eip

The exploit demonstrates a CSRF vulnerability in NXFilter v3.0.3, allowing arbitrary actions such as adding users, modifying SMTP settings, and manipulating domain configurations via crafted HTML forms. It includes functional PoC code for multiple attack vectors, including persistent XSS.

Classification

Working Poc 95%

Attack Type

Csrf

Complexity

Trivial

Reliability

Reliable

Target: NXFilter v3.0.3

Auth required

Prerequisites: Victim must be authenticated and visit a malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026