EIP-2026-102532

PRE-CVE

Resin Application Server 4.0.36 - Source Code Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102532. PoCs published by LiquidWorm.

AI-analyzed exploit summary The vulnerability involves improper sanitization of the 'file' parameter in Resin Application Server 4.0.36, allowing attackers to disclose source code of files like '.jsp' by manipulating the parameter. The advisory provides specific URLs demonstrating the exploit, including path traversal techniques.

Description

Resin Application Server 4.0.36 - Source Code Disclosure

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappsjsp

https://www.exploit-db.com/exploits/26073

View Code ZIP pw:eip

The vulnerability involves improper sanitization of the 'file' parameter in Resin Application Server 4.0.36, allowing attackers to disclose source code of files like '.jsp' by manipulating the parameter. The advisory provides specific URLs demonstrating the exploit, including path traversal techniques.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Resin Professional Web And Application Server 4.0.36

No auth needed

Prerequisites: Access to the Resin server's web interface

MITRE ATT&CK

T1083 - File and Directory Discovery T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026