EIP-2026-104284

PRE-CVE

Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104284. PoCs published by Ivan Huertas.

AI-analyzed exploit summary This advisory describes a local privilege escalation vulnerability in InterScan Web Security Virtual Appliance 5.0 due to a SUID binary 'uihelper' that allows command execution as root. It also references an arbitrary file upload vulnerability that could lead to remote command execution as root.

Description

Interscan Web Security 5.0 - Arbitrary File Upload / Privilege Escalation

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ivan Huertas · textwebappsmultiple

https://www.exploit-db.com/exploits/14004

View Code ZIP pw:eip

This advisory describes a local privilege escalation vulnerability in InterScan Web Security Virtual Appliance 5.0 due to a SUID binary 'uihelper' that allows command execution as root. It also references an arbitrary file upload vulnerability that could lead to remote command execution as root.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: InterScan Web Security Virtual Appliance 5.0

Auth required

Prerequisites: Local access to the system · Presence of the SUID binary 'uihelper'

MITRE ATT&CK

T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026