EIP-2026-109810

PRE-CVE

myUPB 2.2.6 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109810. PoCs published by ALTBTA.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in myUPB v2.2.6, including CSRF privilege escalation, backup file download, and Local File Inclusion (LFI). The LFI allows arbitrary file reading via path traversal in the 'file' parameter.

Description

myUPB 2.2.6 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by ALTBTA · textwebappsphp

https://www.exploit-db.com/exploits/13957

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in myUPB v2.2.6, including CSRF privilege escalation, backup file download, and Local File Inclusion (LFI). The LFI allows arbitrary file reading via path traversal in the 'file' parameter.

Classification

Working Poc 90%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: myUPB v2.2.6

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1006 - Direct Volume Access T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026