EIP-2026-119206
PRE-CVETeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-119206. PoCs published by Scurippio.
AI-analyzed exploit summary This exploit leverages a Remote File Inclusion (RFI) vulnerability in TeamSpeak Client <= 3.0.18.1, allowing an attacker to inject malicious files (e.g., HTA, MSI) via a crafted [img] BBCode tag in channel descriptions. The exploit bypasses content-type checks and uses directory traversal to place executable files in sensitive locations (e.g., Startup folder) for RCE.
Description
TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution
Exploits (1)
This exploit leverages a Remote File Inclusion (RFI) vulnerability in TeamSpeak Client <= 3.0.18.1, allowing an attacker to inject malicious files (e.g., HTA, MSI) via a crafted [img] BBCode tag in channel descriptions. The exploit bypasses content-type checks and uses directory traversal to place executable files in sensitive locations (e.g., Startup folder) for RCE.