EIP-2026-103781

PRE-CVE

Lucee Scheduled Job v1.0 - Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103781. PoCs published by Alexander Philiotis.

AI-analyzed exploit summary This Metasploit module exploits Lucee's scheduled job functionality to achieve remote code execution by creating a job that fetches and executes a malicious CFM payload from an attacker-controlled server. It requires authentication and targets Lucee servers with exposed administrative interfaces.

Description

Lucee Scheduled Job v1.0 - Command Execution

Exploits (1)

exploitdb WORKING POC

by Alexander Philiotis · rubylocalmultiple

https://www.exploit-db.com/exploits/51333

View Code ZIP pw:eip

This Metasploit module exploits Lucee's scheduled job functionality to achieve remote code execution by creating a job that fetches and executes a malicious CFM payload from an attacker-controlled server. It requires authentication and targets Lucee servers with exposed administrative interfaces.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Lucee (all versions with scheduled jobs enabled)

Auth required

Prerequisites: Valid credentials for Lucee admin interface · Exposed administrative web interface · Scheduled jobs enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026