EIP-2026-103063

PRE-CVE

Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103063. PoCs published by shinris3n.

AI-analyzed exploit summary This exploit targets Apache James Server 2.3.2, leveraging authenticated access to the Remote Administration Tool to create a malicious user and inject a payload into a system path. The payload executes upon user login (e.g., SSH), achieving remote command execution.

Description

Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)

Exploits (1)

exploitdb WORKING POC

by shinris3n · pythonremotelinux

https://www.exploit-db.com/exploits/50347

View Code ZIP pw:eip

This exploit targets Apache James Server 2.3.2, leveraging authenticated access to the Remote Administration Tool to create a malicious user and inject a payload into a system path. The payload executes upon user login (e.g., SSH), achieving remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache James Server 2.3.2

Auth required

Prerequisites: Default or known credentials for James Remote Administration Tool · Network access to ports 4555 (admin) and 25 (SMTP) · Ability to write to system paths (e.g., /etc/bash_completion.d)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1078 - Valid Accounts T1036 - Masquerading

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026