EIP-2026-119289

PRE-CVE

WinTFTP Server Pro 3.1 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119289. PoCs published by Yakir Wizman.

AI-analyzed exploit summary This exploit demonstrates a path traversal vulnerability in WinTFTP Pro Server v3.1, allowing an attacker to read and write files outside the intended directory using the GET and PUT commands with relative path sequences (e.g., ../../). The proof-of-concept shows successful retrieval of the boot.ini file from a Windows XP system.

Description

WinTFTP Server Pro 3.1 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yakir Wizman · textremotewindows

https://www.exploit-db.com/exploits/15427

View Code ZIP pw:eip

This exploit demonstrates a path traversal vulnerability in WinTFTP Pro Server v3.1, allowing an attacker to read and write files outside the intended directory using the GET and PUT commands with relative path sequences (e.g., ../../). The proof-of-concept shows successful retrieval of the boot.ini file from a Windows XP system.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WinTFTP Pro Server v3.1

No auth needed

Prerequisites: Network access to the TFTP server · WinTFTP Pro Server v3.1 running on the target

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026