EIP-2026-118358

PRE-CVE

CIS WebServer 3.5.13 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118358. PoCs published by CorryL.

AI-analyzed exploit summary The vulnerability involves a directory traversal flaw in CIS WebServer, allowing attackers to access sensitive system files via crafted HTTP requests. The example demonstrates accessing the SAM file through path traversal sequences.

Description

CIS WebServer 3.5.13 - Directory Traversal

Exploits (1)

exploitdb WRITEUP VERIFIED

by CorryL · textremotewindows

https://www.exploit-db.com/exploits/25163

View Code ZIP pw:eip

The vulnerability involves a directory traversal flaw in CIS WebServer, allowing attackers to access sensitive system files via crafted HTTP requests. The example demonstrates accessing the SAM file through path traversal sequences.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: CIS WebServer (version unspecified)

No auth needed

Prerequisites: Network access to the vulnerable web server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026