EIP-2026-119294

PRE-CVE

Working Resources 1.7.x/2.15 BadBlue - 'ext.dll' Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119294. PoCs published by Matthew Murphy.

AI-analyzed exploit summary The exploit leverages an input validation flaw in BadBlue's 'ext.dll' component, allowing remote attackers to execute administrative commands by manipulating the 'page' parameter to load '.hts' files. The crafted URL demonstrates unauthorized command execution via the 'MfcIsapiCommand' parameter.

Description

Working Resources 1.7.x/2.15 BadBlue - 'ext.dll' Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Matthew Murphy · textremotewindows

https://www.exploit-db.com/exploits/22511

View Code ZIP pw:eip

The exploit leverages an input validation flaw in BadBlue's 'ext.dll' component, allowing remote attackers to execute administrative commands by manipulating the 'page' parameter to load '.hts' files. The crafted URL demonstrates unauthorized command execution via the 'MfcIsapiCommand' parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: BadBlue (version not specified)

No auth needed

Prerequisites: Network access to the target server · BadBlue server with vulnerable 'ext.dll' component

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026