EIP-2026-103846

PRE-CVE

Apache Mina 2.0.13 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103846. PoCs published by Gregory Draperi.

AI-analyzed exploit summary The provided content describes a vulnerability in Apache Mina 2.0.13 involving OGNL expression execution in the IoSessionFinder class, but it lacks actual exploit code. Instead, it points to external downloads (Google Drive, GitLab) for PoC files, which is a common tactic in suspicious repositories.

Description

Apache Mina 2.0.13 - Remote Command Execution

Exploits (1)

exploitdb SUSPICIOUS

by Gregory Draperi · textremotemultiple

https://www.exploit-db.com/exploits/40382

View Code ZIP pw:eip

The provided content describes a vulnerability in Apache Mina 2.0.13 involving OGNL expression execution in the IoSessionFinder class, but it lacks actual exploit code. Instead, it points to external downloads (Google Drive, GitLab) for PoC files, which is a common tactic in suspicious repositories.

Classification

Suspicious 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Apache Mina 2.0.13

No auth needed

Prerequisites: Exposed JMX MINA component · Access to the JMX interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026