EIP-2026-104092

PRE-CVE

Sun ONE Unified Development Server 5.0 - Recursive Document Type Definition

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104092. PoCs published by Sun Microsystems.

AI-analyzed exploit summary This exploit leverages recursive XML entity expansion to cause excessive resource consumption, leading to a denial of service (DoS) in Sun ONE Unified Development Server (UDS). The malicious DTD constructs force the parser to exponentially expand entities, exhausting system resources.

Description

Sun ONE Unified Development Server 5.0 - Recursive Document Type Definition

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sun Microsystems · xmlremotemultiple
https://www.exploit-db.com/exploits/22178

This exploit leverages recursive XML entity expansion to cause excessive resource consumption, leading to a denial of service (DoS) in Sun ONE Unified Development Server (UDS). The malicious DTD constructs force the parser to exponentially expand entities, exhausting system resources.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Sun ONE Unified Development Server (UDS)
No auth needed
Prerequisites: Ability to upload or send malicious XML to the target server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026