EIP-2026-104141

PRE-CVE

Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104141. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a trust relationship issue in the Zend Server Java Bridge, allowing arbitrary Java code execution by sending crafted requests to the bridge without authentication. It delivers a malicious JAR payload via an HTTP server and triggers its execution through Java Bridge protocol manipulation.

Description

Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/17148

This Metasploit module exploits a trust relationship issue in the Zend Server Java Bridge, allowing arbitrary Java code execution by sending crafted requests to the bridge without authentication. It delivers a malicious JAR payload via an HTTP server and triggers its execution through Java Bridge protocol manipulation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Zend Server Java Bridge (versions prior to the 2011 fix)
No auth needed
Prerequisites: Network access to the Zend Server Java Bridge (default port 10001) · Java Bridge service running and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026