EIP-2026-119396

PRE-CVE

ManageEngine opManager 12.3.150 - Authenticated Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119396. PoCs published by kindredsec.

AI-analyzed exploit summary This exploit leverages authenticated API endpoints in ManageEngine opManager to create and execute workflows, allowing arbitrary command execution on monitored devices. It automates the process of authentication, workflow creation, and execution via crafted JSON payloads.

Description

ManageEngine opManager 12.3.150 - Authenticated Code Execution

Exploits (1)

exploitdb WORKING POC

by kindredsec · pythonwebappswindows

https://www.exploit-db.com/exploits/47255

View Code ZIP pw:eip

This exploit leverages authenticated API endpoints in ManageEngine opManager to create and execute workflows, allowing arbitrary command execution on monitored devices. It automates the process of authentication, workflow creation, and execution via crafted JSON payloads.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ManageEngine opManager 12.3.150

Auth required

Prerequisites: Valid admin credentials for opManager · Network access to the opManager instance

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026