EIP-2026-119206

This exploit leverages a Remote File Inclusion (RFI) vulnerability in TeamSpeak Client <= 3.0.18.1, allowing an attacker to inject malicious files (e.g., HTA, MSI) via a crafted [img] BBCode tag in channel descriptions. The exploit bypasses content-type checks and uses directory traversal to place executable files in sensitive locations (e.g., Startup folder) for RCE.