EIP-2026-103178

PRE-CVE

ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103178. PoCs published by Javier Marcos.

AI-analyzed exploit summary This exploit demonstrates multiple command injection vulnerabilities in nbox 2.3 and 2.5, allowing remote code execution (RCE) via various CGI endpoints. Some RCEs are wrapped in sudo, enabling privilege escalation.

Description

ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Javier Marcos · textremotelinux

https://www.exploit-db.com/exploits/40201

View Code ZIP pw:eip

This exploit demonstrates multiple command injection vulnerabilities in nbox 2.3 and 2.5, allowing remote code execution (RCE) via various CGI endpoints. Some RCEs are wrapped in sudo, enabling privilege escalation.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: nbox 2.3 and 2.5

Auth required

Prerequisites: Valid credentials (nbox:nbox) · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026