EIP-2026-106276

PRE-CVE

CumulusClips 2.4.1 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106276. PoCs published by kor3k.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in CumulusClips 2.4.1, including session fixation, XSRF leading to admin account creation, and persistent XSS. It provides functional PoC code for each vulnerability, including HTTP requests and HTML forms.

Description

CumulusClips 2.4.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by kor3k · textwebappsphp

https://www.exploit-db.com/exploits/40343

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in CumulusClips 2.4.1, including session fixation, XSRF leading to admin account creation, and persistent XSS. It provides functional PoC code for each vulnerability, including HTTP requests and HTML forms.

Classification

Working Poc 95%

Attack Type

Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: CumulusClips 2.4.1

No auth needed

Prerequisites: Access to the target application · Ability to send crafted HTTP requests

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026