EIP-2026-111692

PRE-CVE

rConfig 3.9.5 - Remote Code Execution (Unauthenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111692. PoCs published by Daniel Monzón.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in rConfig 3.9.5. It leverages user creation or enumeration to bypass authentication, then executes arbitrary commands via unsafe calls to `exec()` or template manipulation.

Description

rConfig 3.9.5 - Remote Code Execution (Unauthenticated)

Exploits (1)

exploitdb WORKING POC

by Daniel Monzón · pythonwebappsphp

https://www.exploit-db.com/exploits/48878

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in rConfig 3.9.5. It leverages user creation or enumeration to bypass authentication, then executes arbitrary commands via unsafe calls to `exec()` or template manipulation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: rConfig v3.9.5

No auth needed

Prerequisites: Network access to the target · rConfig 3.9.5 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026