EIP-2026-103842

PRE-CVE

Allaire JRun 2.3 - File Source Code Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103842. PoCs published by Foundstone Labs.

AI-analyzed exploit summary: The vulnerability in Allaire JRun allows directory traversal via malformed URLs using the SSIFilter servlet, enabling unauthorized read access to files outside the webroot. The exploit leverages improper path validation to disclose arbitrary file contents or source code.

Description

Allaire JRun 2.3 - File Source Code Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED
by Foundstone Labs · text · remote · multiple
https://www.exploit-db.com/exploits/20315


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Allaire JRun (version not specified)
No auth needed
Prerequisites: Network access to the target JRun server
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026