EIP-2026-103219

PRE-CVE

SCPOnly 2.x/3.x - Arbitrary Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103219. PoCs published by Jason Wies.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in scponly versions prior to 4.0. It demonstrates arbitrary command execution by abusing the 'rsync' and 'scp' commands with crafted arguments to execute arbitrary commands on the target system.

Description

SCPOnly 2.x/3.x - Arbitrary Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jason Wies · bashremotelinux

https://www.exploit-db.com/exploits/24794

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in scponly versions prior to 4.0. It demonstrates arbitrary command execution by abusing the 'rsync' and 'scp' commands with crafted arguments to execute arbitrary commands on the target system.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: scponly < 4.0

Auth required

Prerequisites: Valid SSH credentials for a restricted user on the target system

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026