EIP-2026-118639

PRE-CVE

Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118639. PoCs published by chr1x.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149). It uses the DotDotPwn tool to fuzz and exploit the FTP server, successfully retrieving files like 'boot.ini' from arbitrary directories via crafted traversal sequences.

Description

Home FTP Server 1.11.1.149 - (Authenticated) Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by chr1x · textremotewindows

https://www.exploit-db.com/exploits/15349

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Home FTP Server versions 1.10.3 (build 144) and 1.11.1 (build 149). It uses the DotDotPwn tool to fuzz and exploit the FTP server, successfully retrieving files like 'boot.ini' from arbitrary directories via crafted traversal sequences.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Home FTP Server v1.10.3 (build 144) and v1.11.1 (build 149)

Auth required

Prerequisites: FTP server access · Valid credentials

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026