EIP-2026-104014

PRE-CVE

OpenNMS 1.5.x - HTTP Response Splitting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104014. PoCs published by BugSec LTD.

AI-analyzed exploit summary This exploit demonstrates an HTTP response-splitting vulnerability in OpenNMS by injecting crafted HTTP headers and content into the response. The attack manipulates the server's output to serve arbitrary content, potentially misleading clients or facilitating further attacks.

Description

OpenNMS 1.5.x - HTTP Response Splitting

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugSec LTD · textremotemultiple

https://www.exploit-db.com/exploits/32458

View Code ZIP pw:eip

This exploit demonstrates an HTTP response-splitting vulnerability in OpenNMS by injecting crafted HTTP headers and content into the response. The attack manipulates the server's output to serve arbitrary content, potentially misleading clients or facilitating further attacks.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: OpenNMS versions prior to 1.5.94

No auth needed

Prerequisites: Access to the OpenNMS web interface

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026