EIP-2026-103265

PRE-CVE

Boa Web Server v0.94.14 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103265. PoCs published by George Tsimpidas.

AI-analyzed exploit summary The writeup details an authentication bypass vulnerability in Boa Web Server v0.94.14 due to improper validation of the HEAD HTTP method, allowing unauthorized access. It includes technical analysis of the code path and response handling logic.

Description

Boa Web Server v0.94.14 - Authentication Bypass

Exploits (1)

exploitdb WRITEUP

by George Tsimpidas · textwebappslinux

https://www.exploit-db.com/exploits/51139

View Code ZIP pw:eip

The writeup details an authentication bypass vulnerability in Boa Web Server v0.94.14 due to improper validation of the HEAD HTTP method, allowing unauthorized access. It includes technical analysis of the code path and response handling logic.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Boa Web Server v0.94.13 - v0.94.14

No auth needed

Prerequisites: Network access to the Boa Web Server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026