EIP-2026-118755

PRE-CVE

Mako Web Server 2.5 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118755. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates an unauthenticated arbitrary file write vulnerability in Mako Server v2.5, leading to remote command execution via HTTP PUT requests to 'save.lsp' and subsequent execution via 'manage.lsp'. It also includes proof-of-concept code for file disclosure and SSRF vulnerabilities.

Description

Mako Web Server 2.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textremotewindows

https://www.exploit-db.com/exploits/42683

View Code ZIP pw:eip

The exploit demonstrates an unauthenticated arbitrary file write vulnerability in Mako Server v2.5, leading to remote command execution via HTTP PUT requests to 'save.lsp' and subsequent execution via 'manage.lsp'. It also includes proof-of-concept code for file disclosure and SSRF vulnerabilities.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mako Server v2.5

No auth needed

Prerequisites: Network access to the target server · Mako Server v2.5 running with vulnerable tutorial pages

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026