EIP-2026-118714

PRE-CVE

kolibri+ Web Server 2 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118714. PoCs published by Usman Saeed.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Kolibri+ Webserver 2, allowing remote attackers to access arbitrary files on the server via crafted HTTP GET requests. The PoC includes example requests to retrieve the 'boot.ini' file.

Description

kolibri+ Web Server 2 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by Usman Saeed · textremotewindows

https://www.exploit-db.com/exploits/9643

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Kolibri+ Webserver 2, allowing remote attackers to access arbitrary files on the server via crafted HTTP GET requests. The PoC includes example requests to retrieve the 'boot.ini' file.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Kolibri+ Webserver 2

No auth needed

Prerequisites: Network access to the target web server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026