EIP-2026-105866

PRE-CVE

CKEditor 3 - Server-Side Request Forgery (SSRF)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105866. PoCs published by ahmed.

AI-analyzed exploit summary: This is a technical writeup describing an SSRF vulnerability in CKEditor versions under 4. It details the steps to exploit the vulnerability by manipulating the 'Custom Uploader URL' field in the uploadtest.html file to induce server-side HTTP requests to arbitrary domains.

Description

CKEditor 3 - Server-Side Request Forgery (SSRF)

Exploits (1)

exploitdb WRITEUP
by ahmed · text · webapps · php
https://www.exploit-db.com/exploits/50021

Classification: Writeup 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: CKEditor versions under 4 (1, 2, 3)
No auth needed
Prerequisites: Access to the vulnerable uploadtest.html page · Ability to inspect and modify HTML elements
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026