EIP-2026-114714

PRE-CVE

Sun Solaris 10 - 'in.ftpd' Long Command Handling Security

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114714. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This exploit demonstrates a cross-site request forgery (CSRF) vulnerability in Sun Solaris' in.ftpd FTP server. It leverages maliciously crafted FTP URIs to perform unauthorized actions like changing file permissions (CHMOD) or retrieving directory listings (PWD/STAT) when a logged-in user visits a malicious site.

Description

Sun Solaris 10 - 'in.ftpd' Long Command Handling Security

Exploits (1)

exploitdb WORKING POC VERIFIED

by Maksymilian Arciemowicz · textdossolaris

https://www.exploit-db.com/exploits/34028

View Code ZIP pw:eip

This exploit demonstrates a cross-site request forgery (CSRF) vulnerability in Sun Solaris' in.ftpd FTP server. It leverages maliciously crafted FTP URIs to perform unauthorized actions like changing file permissions (CHMOD) or retrieving directory listings (PWD/STAT) when a logged-in user visits a malicious site.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Sun Solaris in.ftpd (Solaris 10 10/09, OpenSolaris 2009.06)

Auth required

Prerequisites: Victim must be logged into the FTP server · Victim must visit a malicious site containing the crafted URI

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026