EIP-2026-104575

PRE-CVE

Apple At Ease 5.0 - Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104575. PoCs published by Tim Conrad.

AI-analyzed exploit summary This is a technical writeup describing an unauthorized file access vulnerability in At Ease 5.0, allowing users to browse and download files from other users' directories via a crafted file:// URL. The vulnerability leverages improper path handling in the web interface.

Description

Apple At Ease 5.0 - Information Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tim Conrad · textlocalosx

https://www.exploit-db.com/exploits/19427

View Code ZIP pw:eip

This is a technical writeup describing an unauthorized file access vulnerability in At Ease 5.0, allowing users to browse and download files from other users' directories via a crafted file:// URL. The vulnerability leverages improper path handling in the web interface.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: At Ease 5.0.2 with AppleShare IP 5.0.3

Auth required

Prerequisites: Access to a user account with Netscape Communicator · At Ease 5.0.2 and AppleShare IP 5.0.3 installed

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026