EIP-2026-119361

PRE-CVE

dotDefender 4.02 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119361. PoCs published by David K.

AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in dotDefender WAF versions up to 4.02 due to improper input sanitization. It uses obfuscated JavaScript to bypass the WAF and execute arbitrary code.

Description

dotDefender 4.02 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by David K · textwebappswindows

https://www.exploit-db.com/exploits/14355

View Code ZIP pw:eip

The exploit demonstrates a cross-site scripting (XSS) vulnerability in dotDefender WAF versions up to 4.02 due to improper input sanitization. It uses obfuscated JavaScript to bypass the WAF and execute arbitrary code.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: dotDefender WAF (versions up to 4.02)

No auth needed

Prerequisites: A web application protected by dotDefender WAF · Ability to inject malicious input into a parameter reflected in the response

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026