EIP-2026-119673

PRE-CVE

Dell OpenManage Server Administrator 8.3 - XML External Entity

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119673. PoCs published by hantwister.

AI-analyzed exploit summary This Ruby script exploits an XXE vulnerability in Dell OpenManage Server Administrator 8.3 by emulating a remote node and tricking the victim OMSA into parsing malicious XML, leading to information disclosure (e.g., /etc/redhat-release).

Description

Dell OpenManage Server Administrator 8.3 - XML External Entity

Exploits (1)

exploitdb WORKING POC

by hantwister · rubywebappsxml

https://www.exploit-db.com/exploits/39909

View Code ZIP pw:eip

This Ruby script exploits an XXE vulnerability in Dell OpenManage Server Administrator 8.3 by emulating a remote node and tricking the victim OMSA into parsing malicious XML, leading to information disclosure (e.g., /etc/redhat-release).

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Dell OpenManage Server Administrator 8.3

No auth needed

Prerequisites: Network access to victim OMSA on ports 5986 and 8080 · Victim OMSA must be able to reach attacker's IP

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026