EIP-2026-103970
PRE-CVELighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-103970. PoCs published by venatir.
AI-analyzed exploit summary This is a detailed technical analysis of a vulnerability in Lighttpd (<1.4.23) caused by a filesystem bug in FreeBSD, OS X, and Solaris (<10) where trailing slashes on symlinks are silently dropped. This allows attackers to bypass suffix-based access controls (e.g., .php) and leak source code.
Description
Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure
Exploits (1)
This is a detailed technical analysis of a vulnerability in Lighttpd (<1.4.23) caused by a filesystem bug in FreeBSD, OS X, and Solaris (<10) where trailing slashes on symlinks are silently dropped. This allows attackers to bypass suffix-based access controls (e.g., .php) and leak source code.