EIP-2026-103951

PRE-CVE

JDownloader 2 Beta - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103951. PoCs published by PizzaHatHacker.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in JDownloader 2 Beta (SVN revisions 1171-2331) during ZIP extraction. It leverages a flaw in the `alleviatePathParts` method to create arbitrary files, enabling RCE via crafted ZIP entries.

Description

JDownloader 2 Beta - Directory Traversal

Exploits (1)

exploitdb WORKING POC

by PizzaHatHacker · rubyremotemultiple

https://www.exploit-db.com/exploits/37198

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in JDownloader 2 Beta (SVN revisions 1171-2331) during ZIP extraction. It leverages a flaw in the `alleviatePathParts` method to create arbitrary files, enabling RCE via crafted ZIP entries.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: JDownloader 2 Beta (SVN revisions 1171-2331)

No auth needed

Prerequisites: Victim must download and extract a malicious ZIP file via JDownloader

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026