EIP-2026-114426

PRE-CVE

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114426. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file disclosure vulnerability in Xerox DC260 EFI Fiery Controller Webtools 2.0. The 'forceSave.php' script does not properly sanitize the 'file' GET parameter, allowing unauthenticated attackers to read arbitrary files on the system.

Description

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/43398

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file disclosure vulnerability in Xerox DC260 EFI Fiery Controller Webtools 2.0. The 'forceSave.php' script does not properly sanitize the 'file' GET parameter, allowing unauthenticated attackers to read arbitrary files on the system.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Xerox DC260 EFI Fiery Controller Webtools 2.0

No auth needed

Prerequisites: Network access to the vulnerable system

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026