EIP-2026-103090

PRE-CVE

CoreHTTP 0.5.3.1 - 'CGI' Arbitrary Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103090. PoCs published by Aaron Conole.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in CoreHTTP server versions 0.5.3.1 and below due to improper input sanitization before passing user input to popen(). It allows remote command execution via crafted CGI requests.

Description

CoreHTTP 0.5.3.1 - 'CGI' Arbitrary Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aaron Conole · rubyremotelinux

https://www.exploit-db.com/exploits/10610

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in CoreHTTP server versions 0.5.3.1 and below due to improper input sanitization before passing user input to popen(). It allows remote command execution via crafted CGI requests.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CoreHTTP server <= 0.5.3.1 (with CGI enabled)

No auth needed

Prerequisites: CGI support enabled on the target server · Knowledge of a valid CGI file path on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026