EIP-2026-103058

PRE-CVE

ALCASAR 2.8 - Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103058. PoCs published by eF.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in ALCASAR's web UI via the HTTP Host header, allowing unauthenticated remote code execution as the Apache user. It then escalates privileges to root by modifying the sudoers file using sudo-enabled binaries like openssl.

Description

ALCASAR 2.8 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by eF · pythonremotelinux

https://www.exploit-db.com/exploits/34595

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in ALCASAR's web UI via the HTTP Host header, allowing unauthenticated remote code execution as the Apache user. It then escalates privileges to root by modifying the sudoers file using sudo-enabled binaries like openssl.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ALCASAR <= 2.8

No auth needed

Prerequisites: Network access to the ALCASAR web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026