EIP-2026-112680

PRE-CVE

Tiki Wiki CMS Groupware 21.1 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112680. PoCs published by Maximilian Barz.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Tiki Wiki CMS Groupware 21.1 by repeatedly sending crafted login requests to remove the admin password, allowing unauthorized access.

Description

Tiki Wiki CMS Groupware 21.1 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC

by Maximilian Barz · pythonwebappsphp

https://www.exploit-db.com/exploits/48927

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Tiki Wiki CMS Groupware 21.1 by repeatedly sending crafted login requests to remove the admin password, allowing unauthorized access.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Tiki Wiki CMS Groupware 21.1

No auth needed

Prerequisites: Network access to the target Tiki Wiki CMS instance

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026