EIP-2026-103881

PRE-CVE

Check Point Software Firewall-1 3.0/1 4.0 / Cisco PIX Firewall 4.x/5.x - 'ALG' Client

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103881. PoCs published by Dug Song.

AI-analyzed exploit summary This exploit demonstrates a firewall penetration technique by crafting malicious FTP URLs that trick vulnerable firewalls into opening arbitrary ports. It leverages a parsing flaw in FTP command handling to inject a PORT command, allowing reverse connections.

Description

Check Point Software Firewall-1 3.0/1 4.0 / Cisco PIX Firewall 4.x/5.x - 'ALG' Client

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dug Song · cremotemultiple

https://www.exploit-db.com/exploits/19800

View Code ZIP pw:eip

This exploit demonstrates a firewall penetration technique by crafting malicious FTP URLs that trick vulnerable firewalls into opening arbitrary ports. It leverages a parsing flaw in FTP command handling to inject a PORT command, allowing reverse connections.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Firewall-1 (versions 4.1 and prior), Cisco PIX (up to 5.0(1))

No auth needed

Prerequisites: Vulnerable firewall configuration · Client-side FTP application to trigger the exploit

MITRE ATT&CK

T1090 - Proxy

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026