EIP-2026-118587

PRE-CVE

FreeSWITCH 1.10.1 - Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118587. PoCs published by 1F98D.

AI-analyzed exploit summary This exploit leverages FreeSWITCH's default authentication mechanism to execute arbitrary system commands via the Event Socket interface on port 8021. It authenticates with the default password 'ClueCon' and sends an 'api system' command to achieve remote code execution.

Description

FreeSWITCH 1.10.1 - Command Execution

Exploits (1)

exploitdb WORKING POC

by 1F98D · textremotewindows

https://www.exploit-db.com/exploits/47799

View Code ZIP pw:eip

This exploit leverages FreeSWITCH's default authentication mechanism to execute arbitrary system commands via the Event Socket interface on port 8021. It authenticates with the default password 'ClueCon' and sends an 'api system' command to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: FreeSWITCH 1.10.1

Auth required

Prerequisites: Network access to port 8021 · Default authentication credentials ('ClueCon')

MITRE ATT&CK

T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026