EIP-2026-104797
PRE-CVE
Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-104797. PoCs published by draic Brady.
AI-analyzed exploit summary
This is a vulnerability writeup describing multiple input-validation issues in Zend Framework, including XSS and HTML injection vulnerabilities. It provides an example URI demonstrating the XSS vulnerability but does not include functional exploit code.
Description
Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by draic Brady · text · remote · php
https://www.exploit-db.com/exploits/33525
Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Theoretical
Target:
Zend Framework versions prior to 1.7.9, 1.8.5, and 1.9.7
No auth needed
Prerequisites:
A vulnerable version of Zend Framework · User interaction to trigger the XSS payload
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026