EIP-2026-102519

PRE-CVE

Openfire 3.10.2 - Unrestricted Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102519. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This is a vulnerability writeup describing an unrestricted file upload vulnerability in Openfire 3.10.2, allowing attackers to upload malicious files (e.g., .exe, .php, .jsp) via the plugin upload form. The exploit details are conceptual and lack actual PoC code.

Description

Openfire 3.10.2 - Unrestricted Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsjsp

https://www.exploit-db.com/exploits/38188

View Code ZIP pw:eip

This is a vulnerability writeup describing an unrestricted file upload vulnerability in Openfire 3.10.2, allowing attackers to upload malicious files (e.g., .exe, .php, .jsp) via the plugin upload form. The exploit details are conceptual and lack actual PoC code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Openfire 3.10.2

No auth needed

Prerequisites: Access to the Openfire plugin upload interface

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026