EIP-2026-103885

PRE-CVE

CrushFTP < 11.1.0 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103885. PoCs published by Abdualhadi khalifa.

AI-analyzed exploit summary This script scans for a directory traversal vulnerability in CrushFTP by attempting to access sensitive files via crafted URLs. It does not exploit the vulnerability but detects it by checking for file content in responses.

Description

CrushFTP < 11.1.0 - Directory Traversal

Exploits (1)

exploitdb SCANNER

by Abdualhadi khalifa · pythonremotemultiple

https://www.exploit-db.com/exploits/52012

View Code ZIP pw:eip

This script scans for a directory traversal vulnerability in CrushFTP by attempting to access sensitive files via crafted URLs. It does not exploit the vulnerability but detects it by checking for file content in responses.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: CrushFTP versions below 10.7.1 and 11.1.0 (as well as legacy 9.x)

No auth needed

Prerequisites: Network access to the CrushFTP server · Knowledge of target file paths

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026