EIP-2026-102535

PRE-CVE

Sun JavaMail 1.3 - API MimeMessage Infromation Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102535. PoCs published by Ricky Latt.

AI-analyzed exploit summary The exploit describes an information disclosure vulnerability in the Sun JavaMail API where insufficient validation of message number values allows authenticated attackers to access arbitrary emails. The provided URLs demonstrate the attack vector.

Description

Sun JavaMail 1.3 - API MimeMessage Infromation Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ricky Latt · textwebappsjsp
https://www.exploit-db.com/exploits/25685

The exploit describes an information disclosure vulnerability in the Sun JavaMail API where insufficient validation of message number values allows authenticated attackers to access arbitrary emails. The provided URLs demonstrate the attack vector.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sun JavaMail API
Auth required
Prerequisites: Authenticated access to an email server using the Sun JavaMail API
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026