EIP-2026-107596
PRE-CVEHivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-107596. PoCs published by Shai rod.
AI-analyzed exploit summary This exploit demonstrates multiple stored XSS vulnerabilities in Hivemail Webmail 1.41F Build 103. It sends an email with XSS payloads in the body and contact fields, triggering when the victim interacts with the content.
Description
Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
by Shai rod · pythonwebappsphp
https://www.exploit-db.com/exploits/20672
This exploit demonstrates multiple stored XSS vulnerabilities in Hivemail Webmail 1.41F Build 103. It sends an email with XSS payloads in the body and contact fields, triggering when the victim interacts with the content.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Hivemail Webmail 1.41F Build 103
Auth required
Prerequisites:
SMTP server access · Valid credentials for the target webmail
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026