EIP-2026-114368

The exploit discloses a password disclosure vulnerability via a direct file access and a remote file upload vulnerability due to insufficient file extension validation. It provides a functional HTML form for uploading arbitrary files, bypassing restrictions.