EIP-2026-103290

PRE-CVE

Kodi 15 - Web Interface Arbitrary File Access

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103290. PoCs published by Machiel Pronk.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file read vulnerability in Kodi's web interface (v15) via path traversal. The issue was reintroduced in 2015 and allows attackers to access sensitive files like /etc/passwd by manipulating the URL path.

Description

Kodi 15 - Web Interface Arbitrary File Access

Exploits (1)

exploitdb WORKING POC VERIFIED
by Machiel Pronk · textwebappslinux
https://www.exploit-db.com/exploits/38833

This exploit demonstrates an arbitrary file read vulnerability in Kodi's web interface (v15) via path traversal. The issue was reintroduced in 2015 and allows attackers to access sensitive files like /etc/passwd by manipulating the URL path.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Kodi v15
No auth needed
Prerequisites: Kodi web interface exposed to the network
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026