EIP-2026-118796

PRE-CVE

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118796. PoCs published by Ron Bowes/Andrew Orr.

AI-analyzed exploit summary This exploit is a patch for cadaver 0.23.2 that modifies the WebDAV client to bypass authentication by manipulating the 'Depth' header and URI encoding. It allows unauthorized access to restricted directories.

Description

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ron Bowes/Andrew Orr · remotewindows

https://www.exploit-db.com/exploits/8754

View Code ZIP pw:eip

This exploit is a patch for cadaver 0.23.2 that modifies the WebDAV client to bypass authentication by manipulating the 'Depth' header and URI encoding. It allows unauthorized access to restricted directories.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: cadaver 0.23.2

No auth needed

Prerequisites: Access to a vulnerable WebDAV server · Compilation of the patched cadaver client

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026