EIP-2026-104205

PRE-CVE

Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104205. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary This Python script scans for open ports on internal servers via an SSRF vulnerability in Cockpit v234. It sends crafted HTTP requests to the target Cockpit server to probe specified ports on another server (or localhost by default).

Description

Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)

Exploits (1)

exploitdb SCANNER

by Metin Yunus Kandemir · textwebappsmultiple

https://www.exploit-db.com/exploits/49397

View Code ZIP pw:eip

This Python script scans for open ports on internal servers via an SSRF vulnerability in Cockpit v234. It sends crafted HTTP requests to the target Cockpit server to probe specified ports on another server (or localhost by default).

Classification

Scanner 95%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Reliable

Target: Cockpit v234

No auth needed

Prerequisites: Network access to the Cockpit server · Cockpit server running version 234

MITRE ATT&CK

T1083 - File and Directory Discovery T1133 - External Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026