EIP-2026-119149

PRE-CVE

SmallFTPd 1.0.3 - Directory Traversal

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119149. PoCs published by Yakir Wizman.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in SmallFTPD v1.0.3, allowing an attacker to read arbitrary files outside the intended directory by using relative path sequences (e.g., ../../boot.ini). The proof-of-concept shows a successful retrieval of the boot.ini file via FTP.

Description

SmallFTPd 1.0.3 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED
by Yakir Wizman · textremotewindows
https://www.exploit-db.com/exploits/15358

This exploit demonstrates a directory traversal vulnerability in SmallFTPD v1.0.3, allowing an attacker to read arbitrary files outside the intended directory by using relative path sequences (e.g., ../../boot.ini). The proof-of-concept shows a successful retrieval of the boot.ini file via FTP.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SmallFTPD v1.0.3
Auth required
Prerequisites: FTP access to the target server · Valid credentials for authentication
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026