EIP-2026-107733

PRE-CVE

IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107733. PoCs published by ShineShadow.

AI-analyzed exploit summary This exploit demonstrates multiple input validation vulnerabilities in IceWarp Web Mail, including XSS, path traversal, and arbitrary file access. The PoC provides specific URLs and payloads to exploit these vulnerabilities.

Description

IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by ShineShadow · textwebappsphp

https://www.exploit-db.com/exploits/24367

View Code ZIP pw:eip

This exploit demonstrates multiple input validation vulnerabilities in IceWarp Web Mail, including XSS, path traversal, and arbitrary file access. The PoC provides specific URLs and payloads to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Xss | Info Leak | Other

Complexity

Trivial

Reliability

Reliable

Target: IceWarp Web Mail prior to version 5.2.8

No auth needed

Prerequisites: Network access to the target IceWarp Web Mail server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026