EIP-2026-103850
PRE-CVEApache Tomcat - Cookie Quote Handling Remote Information Disclosure
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-103850. PoCs published by John Kew.
AI-analyzed exploit summary The provided code demonstrates a cookie injection vulnerability where malformed cookie headers can manipulate HTTP responses. The examples show crafted cookie values that exploit improper handling of quotes and special characters in the target application.
Description
Apache Tomcat - Cookie Quote Handling Remote Information Disclosure
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by John Kew · textremotemultiple
https://www.exploit-db.com/exploits/9994
The provided code demonstrates a cookie injection vulnerability where malformed cookie headers can manipulate HTTP responses. The examples show crafted cookie values that exploit improper handling of quotes and special characters in the target application.
Classification
Working Poc 80%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
Unspecified web application (likely a servlet-based application)
No auth needed
Prerequisites:
Access to the target web application
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026