EIP-2026-104136

PRE-CVE

xinkaa Web station 1.0.3 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104136. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The vulnerability involves directory traversal in Xinkaa WEB Station, allowing attackers to access sensitive system files via crafted HTTP requests. The exploit leverages path traversal sequences (e.g., ../../../) to bypass intended access restrictions.

Description

xinkaa Web station 1.0.3 - Directory Traversal

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotemultiple

https://www.exploit-db.com/exploits/25133

View Code ZIP pw:eip

The vulnerability involves directory traversal in Xinkaa WEB Station, allowing attackers to access sensitive system files via crafted HTTP requests. The exploit leverages path traversal sequences (e.g., ../../../) to bypass intended access restrictions.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Xinkaa WEB Station

No auth needed

Prerequisites: Network access to the vulnerable web server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026