EIP-2026-103395

PRE-CVE

Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103395. PoCs published by SEC Consult.

AI-analyzed exploit summary This advisory describes a bypass vulnerability in Airlock WAF where overlong UTF-8 sequences of the NUL character can evade pattern-based attack detection. The PoC demonstrates how SQL injection payloads can bypass the WAF by encoding the NUL byte as C0 80.

Description

Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textdosmultiple

https://www.exploit-db.com/exploits/19290

View Code ZIP pw:eip

This advisory describes a bypass vulnerability in Airlock WAF where overlong UTF-8 sequences of the NUL character can evade pattern-based attack detection. The PoC demonstrates how SQL injection payloads can bypass the WAF by encoding the NUL byte as C0 80.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Airlock WAF <= 4.2.4 (without hotfix HF4213)

No auth needed

Prerequisites: Access to a web application protected by Airlock WAF

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026