EIP-2026-106580

This exploit demonstrates a web cache poisoning vulnerability in Drupal 10.1.2, allowing an attacker to induce the application to perform server-side HTTP requests to arbitrary domains via the Host header. The PoC includes a crafted HTTP request that triggers an external service interaction, confirmed by responses from Burp Collaborator and an attacker-controlled server.