EIP-2026-109691

PRE-CVE

MyBB 1.4/1.6 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109691. PoCs published by MustLive.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in MyBB, including username enumeration, XML injection, and XSS. It includes example URLs to exploit these vulnerabilities but does not contain executable exploit code.

Description

MyBB 1.4/1.6 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/35559

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in MyBB, including username enumeration, XML injection, and XSS. It includes example URLs to exploit these vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MyBB versions prior to 1.6.2 and 1.4.15

No auth needed

Prerequisites: Access to the target MyBB instance

MITRE ATT&CK

T1059.007 - JavaScript T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026