EIP-2026-103226
PRE-CVESquidGuard 1.x - NULL URL Character Unauthorized Access
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-103226. PoCs published by Petko Popadiyski.
AI-analyzed exploit summary The exploit describes a remote NULL URL character unauthorized access vulnerability in SquidGuard. The issue arises from improper filtering of invalid URIs, allowing attackers to bypass access controls and gain unauthorized access to sensitive resources.
Description
SquidGuard 1.x - NULL URL Character Unauthorized Access
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Petko Popadiyski · textremotelinux
https://www.exploit-db.com/exploits/23848
The exploit describes a remote NULL URL character unauthorized access vulnerability in SquidGuard. The issue arises from improper filtering of invalid URIs, allowing attackers to bypass access controls and gain unauthorized access to sensitive resources.
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
SquidGuard
No auth needed
Prerequisites:
Network access to the target SquidGuard instance
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026