EIP-2026-103603

PRE-CVE

OpenPLC WebServer 3 - Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103603. PoCs published by Kai Feng.

AI-analyzed exploit summary This exploit targets OpenPLC WebServer versions 2 and 3, leveraging a denial-of-service vulnerability by uploading a maliciously crafted PLC program and injecting a large payload into the device name field. The exploit includes authentication and session handling to execute the attack.

Description

OpenPLC WebServer 3 - Denial of Service

Exploits (1)

exploitdb WORKING POC

by Kai Feng · textdosmultiple

https://www.exploit-db.com/exploits/51746

View Code ZIP pw:eip

This exploit targets OpenPLC WebServer versions 2 and 3, leveraging a denial-of-service vulnerability by uploading a maliciously crafted PLC program and injecting a large payload into the device name field. The exploit includes authentication and session handling to execute the attack.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: OpenPLC WebServer 3 and 2

Auth required

Prerequisites: Valid credentials for the OpenPLC WebServer · Network access to the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026