EIP-2026-103782

PRE-CVE

Marked2 - Local File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103782. PoCs published by Corben Leo.

AI-analyzed exploit summary This JavaScript code demonstrates an SSRF (Server-Side Request Forgery) vulnerability by reading a local file (e.g., /etc/passwd) and exfiltrating its contents to an attacker-controlled server. It uses XMLHttpRequest to perform the file read and data exfiltration.

Description

Marked2 - Local File Disclosure

Exploits (1)

exploitdb WORKING POC

by Corben Leo · htmllocalmultiple

https://www.exploit-db.com/exploits/44006

View Code ZIP pw:eip

This JavaScript code demonstrates an SSRF (Server-Side Request Forgery) vulnerability by reading a local file (e.g., /etc/passwd) and exfiltrating its contents to an attacker-controlled server. It uses XMLHttpRequest to perform the file read and data exfiltration.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: Unknown (likely a web application with SSRF vulnerability)

No auth needed

Prerequisites: Victim must execute the JavaScript in a vulnerable context (e.g., browser or web application with SSRF) · Attacker must control the exfiltration server (dev.example.com:1337)

MITRE ATT&CK

T1083 - File and Directory Discovery T1041 - Exfiltration Over C2 Channel

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026