EIP-2026-120686

PRE-CVE

Apache HertzBeat 1.8.0 - Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-120686. PoCs published by Brett Gervasoni.

AI-analyzed exploit summary This exploit demonstrates a Remote Code Execution (RCE) vulnerability in Apache HertzBeat 1.8.0 via the scriptCommand parameter in a monitoring template definition. An authenticated user can overwrite a template to execute arbitrary OS commands through the script protocol.

Description

Apache HertzBeat 1.8.0 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by Brett Gervasoni · textwebappsmultiple

https://www.exploit-db.com/exploits/52563

View Code ZIP pw:eip

This exploit demonstrates a Remote Code Execution (RCE) vulnerability in Apache HertzBeat 1.8.0 via the scriptCommand parameter in a monitoring template definition. An authenticated user can overwrite a template to execute arbitrary OS commands through the script protocol.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache HertzBeat 1.8.0

Auth required

Prerequisites: Authenticated user access · Active monitoring instances or ability to create one

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since May 15, 2026