EIP-2026-118868

PRE-CVE

Microsoft URLScan 2.5/RSA Security SecurID 5.0 - Configuration Enumeration

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118868. PoCs published by Andy Davis.

AI-analyzed exploit summary: This is a technical writeup describing a vulnerability in Microsoft URLScan and RSA Security SecurID when used together. The issue arises from the order of ISAPI filters, allowing an attacker to enumerate URLScan's extension filtering list via repeated requests with varying extensions.


Exploits (1)

exploitdb WRITEUP VERIFIED
by Andy Davis · text · remote · windows
https://www.exploit-db.com/exploits/23034


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Microsoft URLScan and RSA Security SecurID
No auth needed
Prerequisites: Microsoft URLScan and RSA Security SecurID installed on a web server with URLScan placed after SecurID in the ISAPI filter list
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026