EIP-2026-104469

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104469. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Trend Micro IMSVA's saveCert.imss endpoint, allowing authenticated users to execute arbitrary commands as root. The exploit leverages improper input sanitization and blacklisting bypass to inject a Python payload via the commonName parameter.

Description

Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC

by Mehmet Ince · rubywebappsmultiple

https://www.exploit-db.com/exploits/41461

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Trend Micro IMSVA's saveCert.imss endpoint, allowing authenticated users to execute arbitrary commands as root. The exploit leverages improper input sanitization and blacklisting bypass to inject a Python payload via the commonName parameter.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) prior to 9.1-1600

Auth required

Prerequisites: Network access to the target · Valid credentials (default admin:imsva often used)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)

Exploitation Summary

Description

Exploits (1)

Details