EIP-2026-104442

PRE-CVE

Socket.io-file 2.0.31 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104442. PoCs published by Cr0wTom.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Socket.io-file <= 2.0.31 due to improper input validation. It allows an attacker to write arbitrary data to any file on the server by manipulating the file path in the createFile request.

Description

Socket.io-file 2.0.31 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Cr0wTom · textwebappsmultiple

https://www.exploit-db.com/exploits/48713

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Socket.io-file <= 2.0.31 due to improper input validation. It allows an attacker to write arbitrary data to any file on the server by manipulating the file path in the createFile request.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: socket.io-file <= 2.0.31

No auth needed

Prerequisites: Network access to the target server · Socket.io-file server running with vulnerable version

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026