Apache Solr Admin API Probe for 2026-02-19

Feb 19, 2026 WebExploit

Last Updated: 12:00 UTC

Direct probing of /solr/admin/ management endpoints. CVE-2019-0193 (DataImportHandler RCE) requires admin API access and is frequently exploited for cryptominer deployment. The info/system and cores endpoints are the standard first requests in a Solr exploitation chain.

CVE References

CVE-2019-0193

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

/solr/admin/info/system
/solr/admin/cores?action=STATUS&wt=json

Attackers by Country

IP Address : ASN : City/Provider

164.90.223.224 : AS14061 digitalocean llc : Frankfurt am Main

Share on: