EIP-2026-117444
PRE-CVEMcAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-117444. PoCs published by Jamie Ooi.
AI-analyzed exploit summary The exploit demonstrates an information disclosure vulnerability in McAfee Data Loss Prevention by crafting specific URLs to download arbitrary files (e.g., /etc/shadow, /etc/syslog.conf) without authentication. The vulnerability lies in the ReDownloadLogs.do endpoint, which fails to validate the filepath and filename parameters.
Description
McAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities
Exploits (1)
The exploit demonstrates an information disclosure vulnerability in McAfee Data Loss Prevention by crafting specific URLs to download arbitrary files (e.g., /etc/shadow, /etc/syslog.conf) without authentication. The vulnerability lies in the ReDownloadLogs.do endpoint, which fails to validate the filepath and filename parameters.