EIP-2026-118610

PRE-CVE

GoAhead Web Server 2.1.x - Directory Management Policy Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118610. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in GoAhead WebServer, allowing attackers to bypass directory management policies and access sensitive files like script source code via crafted HTTP GET requests.

Description

GoAhead Web Server 2.1.x - Directory Management Policy Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/23555

View Code ZIP pw:eip

The exploit describes a directory traversal vulnerability in GoAhead WebServer, allowing attackers to bypass directory management policies and access sensitive files like script source code via crafted HTTP GET requests.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: GoAhead WebServer

No auth needed

Prerequisites: Network access to the target web server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026