EIP-2026-119206

PRE-CVE

TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119206. PoCs published by Scurippio.

AI-analyzed exploit summary: This exploit leverages a Remote File Inclusion (RFI) vulnerability in TeamSpeak Client <= 3.0.18.1, allowing an attacker to inject malicious files (e.g., HTA, MSI) via a crafted [img] BBCode tag in channel descriptions. The exploit bypasses content-type checks and uses directory traversal to place executable files in sensitive locations (e.g., Startup folder) for RCE.

Description

TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution

Exploits (1)

exploitdb · WORKING POC
by Scurippio · text · remote · windows
https://www.exploit-db.com/exploits/38513


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TeamSpeak 3 Client 3.0.0 - 3.0.18.1
No auth needed
Prerequisites: Control over a web server to host malicious files · Ability to modify a TeamSpeak channel description
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026