EIP-2026-104327

PRE-CVE

ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104327. PoCs published by xistence.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in ManageEngine Security Manager Plus to download sensitive database files without authentication. It targets versions 5.5 build 5505 and lower, allowing access to credentials and system files.

Description

ManageEngine Security Manager Plus 5.5 build 5505 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by xistence · pythonwebappsmultiple

https://www.exploit-db.com/exploits/22092

View Code ZIP pw:eip

This exploit leverages a path traversal vulnerability in ManageEngine Security Manager Plus to download sensitive database files without authentication. It targets versions 5.5 build 5505 and lower, allowing access to credentials and system files.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ManageEngine Security Manager Plus <= 5.5 build 5505

No auth needed

Prerequisites: Network access to the target · At least one patch downloaded in Security Manager Plus

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026