EIP-2026-116728

PRE-CVE

Adobe Reader PDF - Client Side Request Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116728. PoCs published by Alex Inführ.

AI-analyzed exploit summary This is a PDF exploit leveraging XFA (XML Forms Architecture) to trigger an external submission event, potentially leading to arbitrary HTTP requests or data exfiltration. The PoC demonstrates how malformed XFA content can be embedded in a PDF to execute unintended actions when opened.

Description

Adobe Reader PDF - Client Side Request Injection

Exploits (1)

exploitdb WORKING POC

by Alex Inführ · textlocalwindows

https://www.exploit-db.com/exploits/44573

View Code ZIP pw:eip

This is a PDF exploit leveraging XFA (XML Forms Architecture) to trigger an external submission event, potentially leading to arbitrary HTTP requests or data exfiltration. The PoC demonstrates how malformed XFA content can be embedded in a PDF to execute unintended actions when opened.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Adobe Acrobat/Reader (versions vulnerable to XFA-based attacks)

No auth needed

Prerequisites: Victim must open the malicious PDF file

MITRE ATT&CK

T1204.002 - Malicious File

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026