CVE-2021-4034

HIGH KEV RANSOMWARE LAB

Local Privilege Escalation in polkits pkexec

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2021-4034 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 27, 2022, with confirmed use in ransomware campaigns. EIP tracks 174 public exploits from researchers including Lance Biggerstaff, berdav, ly4k, including a Metasploit module exploits/linux/local/cve_2021_4034_pwnkit_lpe_pkexec.

AI-analyzed exploit summary This exploit leverages a vulnerability in PolicyKit's pkexec (CVE-2021-4034) to achieve local privilege escalation by manipulating environment variables and loading a malicious shared library via GCONV_PATH. The exploit consists of a shared library (evil.so) that spawns a root shell and a main exploit binary that sets up the environment for exploitation.

Description

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Exploits (174)

exploitdb WORKING POC
by Lance Biggerstaff · textlocallinux
https://www.exploit-db.com/exploits/50689

This exploit leverages a vulnerability in PolicyKit's pkexec (CVE-2021-4034) to achieve local privilege escalation by manipulating environment variables and loading a malicious shared library via GCONV_PATH. The exploit consists of a shared library (evil.so) that spawns a root shell and a main exploit binary that sets up the environment for exploitation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: PolicyKit-1 0.105-31 (pkexec)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2,027 stars
by berdav · local
https://github.com/berdav/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to compile and execute the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1,283 stars
by ly4k · local
https://github.com/ly4k/PwnKit

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to a vulnerable system · Presence of pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1,125 stars
by arthepsy · local
https://github.com/arthepsy/CVE-2021-4034

This repository contains a functional proof-of-concept exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: Local access to the vulnerable system · gcc compiler available
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 346 stars
by PwnFunction · local
https://github.com/PwnFunction/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages an out-of-bounds read/write primitive to manipulate environment variables and execute arbitrary code with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version 0.105-26ubuntu1)
No auth needed
Prerequisites: Access to a vulnerable system with polkit installed · Ability to compile and execute the exploit code
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 26 stars
by c3c · local
https://github.com/c3c/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared object to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 19 stars
by dadvlingd · local
https://github.com/dadvlingd/CVE-2021-4034

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploits manipulate environment variables and file paths to execute arbitrary code with root privileges via a malicious shared library.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 12 stars
by chenaotian · local
https://github.com/chenaotian/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in PolKit's pkexec. The exploit leverages environment variable manipulation (GCONV_PATH) and a crafted shared object to achieve root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: PolKit (pkexec) versions 2009-2021
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec with SUID bit set
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 10 stars
by wudicainiao · local
https://github.com/wudicainiao/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to the target system · gcc installed on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 8 stars
by rvzsec · poc
https://github.com/rvzsec/CVE-2021-4034

This repository contains a functional Python-based exploit for CVE-2021-4034 (PwnKit), which leverages a local privilege escalation vulnerability in polkit's pkexec. The exploit manipulates environment variables and creates malicious shared objects to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before 0.122)
No auth needed
Prerequisites: local access to the target system · gcc compiler to build the shared object
devstral-2 · analyzed Jun 01, 2026 Full analysis →
nomisec WORKING POC 8 stars
by rvizx · local
https://github.com/rvizx/CVE-2021-4034

This repository contains a functional Python-based PoC for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to the target system · gcc installed to compile the shared library
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 4 stars
by Y3A · local
https://github.com/Y3A/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit manipulates environment variables and leverages a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to the target system · gcc compiler available
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 4 stars
by tahaafarooq · local
https://github.com/tahaafarooq/poppy

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit < 0.120
No auth needed
Prerequisites: Local access to a vulnerable system · gcc and make installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 4 stars
by TheJoyOfHacking · local
https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to compile and execute the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 3 stars
by artemis-mike · local
https://github.com/artemis-mike/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges. The included Ansible playbook automates the exploitation and verification process.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to a vulnerable system · gcc for compiling the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WRITEUP 2 stars
by wechicken456 · poc
https://github.com/wechicken456/CVE-2021-4034-CTF-writeup

This repository provides a detailed technical analysis of CVE-2021-4034, including a CTF challenge setup, Ghidra decompilation insights, and exploitation steps. It explains the vulnerability in the context of a custom binary and includes a solve script for the challenge.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Custom CTF binary (chal) leveraging CVE-2021-4034 (PwnKit)
No auth needed
Prerequisites: Vulnerable kernel with specific packages installed · Unprivileged user access
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 2 stars
by Pixailz · local
https://github.com/Pixailz/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages an out-of-bounds read/write primitive to manipulate environment variables and execute arbitrary code with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.120)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 2 stars
by Nosferatuvjr · local
https://github.com/Nosferatuvjr/PwnKit

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec. The exploit leverages environment variable injection to execute arbitrary code as root by manipulating the GCONV_PATH variable and creating malicious shared libraries.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit pkexec (versions before the patch)
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to compile the exploit code
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by jayhutajulu1 · local
https://github.com/jayhutajulu1/PwnKit-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: local access to the target system · pkexec installed with SUID bit set
devstral-2 · analyzed May 20, 2026 Full analysis →
nomisec WRITEUP 1 stars
by trinetra-1308 · local
https://github.com/trinetra-1308/PwnKit-

This repository provides a detailed technical analysis of CVE-2021-4034 (PwnKit), including root cause analysis, mitigation strategies, and patching guidance. It includes in-depth explanations of the memory corruption vulnerability in Polkit's pkexec binary, which allows local privilege escalation due to improper handling of argument vectors.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit pkexec (versions before patched releases)
No auth needed
Prerequisites: Local access to a vulnerable system · Presence of vulnerable pkexec binary with SUID bit set
devstral-2 · analyzed May 19, 2026 Full analysis →
nomisec WRITEUP 1 stars
by usmansec · poc
https://github.com/usmansec/-CVE-2021-4034

This repository contains a detailed technical report on CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec (polkit). The report includes methodology, risk assessment, and remediation recommendations but does not include functional exploit code.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: Vulnerable version of pkexec (polkit)
devstral-2 · analyzed Jun 10, 2026 Full analysis →
gitlab WORKING POC 1 stars
by FR4NC0X · poc
https://gitlab.com/FR4NC0X/pwnkit-helper

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit downloads and compiles a malicious shared library to gain root access.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.120)
No auth needed
Prerequisites: gcc · wget · pkexec with SUID bit set
devstral-2 · analyzed Feb 23, 2026 Full analysis →
nomisec SUSPICIOUS 1 stars
by kaisen-bot · poc
https://github.com/kaisen-bot/pwnkit-helper

The repository claims to exploit CVE-2021-4034 (PwnKit) but lacks actual exploit code, instead pushing users to download a ZIP file from an external source. The README is vague and marketing-oriented, with no technical details about the vulnerability.

Classification
Suspicious 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to a vulnerable system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by jscamposx · poc
https://github.com/jscamposx/hack

This repository contains a compiled exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec component, along with a PHP reverse shell script for post-exploitation. The exploit manipulates environment variables to execute arbitrary code as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to a vulnerable Linux system with pkexec installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by zaaraZiof0 · local
https://github.com/zaaraZiof0/pkexec-exploit-CVE

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit includes both Python and C implementations, along with a vulnerability detector.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions from 2009 to January 2022)
No auth needed
Prerequisites: Vulnerable version of polkit with SUID bit set on pkexec
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by dr4xp · local
https://github.com/dr4xp/pwnkit-helper

This repository contains a Python script that automates the exploitation of CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. It downloads the exploit code from a known source, compiles it, and executes it to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Presence of vulnerable pkexec binary with SUID bit set · GCC or similar compiler to build the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by CYB3RK1D · local
https://github.com/CYB3RK1D/CVE-2021-4034-POC

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and the GCONV_PATH mechanism to execute arbitrary code as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to a vulnerable system · Compilation tools (gcc)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by mutur4 · local
https://github.com/mutur4/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and memory corruption to gain root privileges on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions <= 0.105)
No auth needed
Prerequisites: Vulnerable version of pkexec with SUID bit set · Access to a local shell on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by cdxiaodong · local
https://github.com/cdxiaodong/CVE-2021-4034-touch

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and a malicious shared library. The exploit uses a crafted environment to trigger arbitrary command execution as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version < 0.120)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by h3x0v3rl0rd · poc
https://github.com/h3x0v3rl0rd/CVE-2021-4034_Python3

This repository contains a functional Python3 exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and malicious shared library injection.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to the target system · pkexec installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by A1vinSmith · local
https://github.com/A1vinSmith/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a crafted shared object to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: pkexec with SUID bit set · local access to the system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec STUB 1 stars
by xcanwin · poc
https://github.com/xcanwin/CVE-2021-4034-UniontechOS

The repository contains only a README file with a brief description of CVE-2021-4034 affecting UniontechOS, but no exploit code or technical details. It lacks depth and functional content.

Classification
Stub 90%
Attack Type
Lpe
Complexity
Theoretical
Reliability
Theoretical
Target: UniontechOS (UOS) desktop operating system
Auth required
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC 1 stars
by jcatala · remote
https://github.com/jcatala/f_poc_cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and malicious shared library injection.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: Local access to the target system · Compilation of the provided C code
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Leemyunglyul · poc
https://github.com/Leemyunglyul/cve-2021-4034-mock

This repository contains a functional proof-of-concept exploit for CVE-2021-4034 (PwnKit), demonstrating a local privilege escalation vulnerability in polkit's pkexec. The exploit manipulates environment variables and argv to trigger an out-of-bounds write, leading to arbitrary code execution with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · Compilation of the exploit code
devstral-2 · analyzed May 24, 2026 Full analysis →
nomisec SCANNER
by vorkampfer · poc
https://github.com/vorkampfer/pwnkit_safety_check

This repository contains a read-only scanner for CVE-2021-4034 (PwnKit) that checks for vulnerable versions of polkit/pkexec without exploiting the vulnerability. It detects OS distribution, checks pkexec permissions, and verifies installed package versions against known patched versions.

Classification
Scanner 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) versions before patched versions (e.g., Arch: 0.120-3, Debian/Ubuntu: varies)
No auth needed
Prerequisites: access to the target system · ability to execute binaries
devstral-2 · analyzed May 19, 2026 Full analysis →
nomisec WRITEUP
by usman-khan-23626 · poc
https://github.com/usman-khan-23626/-CVE-2021-4034

This repository contains a detailed technical report on CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec (polkit). The report includes methodology, risk assessment, and remediation recommendations but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
Auth required
Prerequisites: Local access to a vulnerable system · Presence of vulnerable pkexec version
devstral-2 · analyzed May 19, 2026 Full analysis →
nomisec WORKING POC
by B1gN0Se · local
https://github.com/B1gN0Se/PwnKit_CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec (part of polkit). The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Presence of pkexec in /usr/bin/
devstral-2 · analyzed Apr 28, 2026 Full analysis →
nomisec WORKING POC
by Murguii · poc
https://github.com/Murguii/DEV-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a memory corruption vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and uses a malicious shared library to execute a shell with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Apr 15, 2026 Full analysis →
nomisec WRITEUP
by vaibhavkrishna12004 · poc
https://github.com/vaibhavkrishna12004/ubuntu-privesc-lab

This repository provides a detailed technical walkthrough of exploiting CVE-2021-4034 (PwnKit) for local privilege escalation on Ubuntu, including reconnaissance, credential brute-forcing, and step-by-step exploitation using a compiled exploit from an external source.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (pkexec) on Linux systems
Auth required
Prerequisites: initial access via SSH · compiler tools (gcc, make) · git
devstral-2 · analyzed Apr 10, 2026 Full analysis →
nomisec WORKING POC
by devianntsec · poc
https://github.com/devianntsec/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec utility. The exploit includes multiple payloads (shell, id, backdoor, reverse shell) and detailed technical analysis.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (0.105-31 and earlier)
No auth needed
Prerequisites: Linux system with vulnerable polkit · GCC compiler · Python 3.6+
devstral-2 · analyzed May 28, 2026 Full analysis →
nomisec WORKING POC
by devianntsec · poc
https://github.com/devianntsec/CVE-2021-4034-PwnKit-Masters-Thesis

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec utility. The exploit leverages an out-of-bounds write to inject malicious environment variables, leading to arbitrary code execution as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) versions 0.105-31 and earlier
No auth needed
Prerequisites: Linux system with vulnerable polkit · GCC compiler · Python 3.6+ · Standard user account
devstral-2 · analyzed Apr 10, 2026 Full analysis →
nomisec WORKING POC
by Allu-mette · local
https://github.com/Allu-mette/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec utility. The exploit leverages improper argument handling when argc == 0 to achieve root privileges via a crafted environment variable and embedded shellcode.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (pkexec) versions before 0.105-26ubuntu1.1
No auth needed
Prerequisites: Unpatched Polkit (pkexec) with SUID bit set · x86_64 Linux environment
devstral-2 · analyzed Mar 03, 2026 Full analysis →
nomisec WORKING POC
by Abbykito · local
https://github.com/Abbykito/KERNELexploits

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Mar 01, 2026 Full analysis →
gitlab WORKING POC
by zoobab · poc
https://gitlab.com/zoobab/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · compilation tools (make, gcc)
devstral-2 · analyzed Feb 23, 2026 Full analysis →
gitlab WORKING POC
by Tramadol · local
https://gitlab.com/Tramadol/cve-2021-4034

This is a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. It leverages environment variable manipulation and a malicious shared library to gain root access via setuid calls.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: local access to the target system · ability to compile and execute the exploit
devstral-2 · analyzed Feb 23, 2026 Full analysis →
gitlab SCANNER
by i7ach1 · poc
https://gitlab.com/i7ach1/pwnkit-cve-2021-4034

This Ansible playbook checks for the presence of the vulnerable pkexec binary and applies a mitigation by changing its permissions. It does not exploit the vulnerability but detects and patches it.

Classification
Scanner 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: polkit pkexec (CVE-2021-4034)
Auth required
Prerequisites: access to target system with Ansible · pkexec binary present
devstral-2 · analyzed Feb 23, 2026 Full analysis →
gitlab WORKING POC
by RekGRpth · local
https://gitlab.com/RekGRpth/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · compilation tools (make, gcc)
devstral-2 · analyzed Feb 23, 2026 Full analysis →
nomisec WORKING POC
by ramahmdr · local
https://github.com/ramahmdr/PwnKit

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Presence of pkexec in /usr/bin/
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WRITEUP
by boro03 · poc
https://github.com/boro03/CVE-2021-4034

This repository contains documentation and materials for a study on CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec, a SUID-root program part of polkit. The vulnerability allows unprivileged local users to gain root access and has been present since 2009.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to a vulnerable Linux system with polkit installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WRITEUP
by BugVex · poc
https://github.com/BugVex/Poison-HTB-Report

This repository contains a detailed technical writeup of exploiting CVE-2021-4034 (PwnKit) on the Hack The Box 'Poison' machine, including step-by-step commands and remediation advice.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (versions < 0.105)
Auth required
Prerequisites: Access to a vulnerable system with pkexec < 0.105 · Ability to compile a shared object payload
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Milad-Rafie · local
https://github.com/Milad-Rafie/PwnKit-Local-Privilege-Escalation-Vulnerability-Discovered-in-polkit-s-pkexec-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: gcc · vulnerable version of pkexec · local access to the system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by kali-guru · poc
https://github.com/kali-guru/Pwnkit-CVE-2021-4034

This repository contains a Python script that automates the compilation and execution of a known PwnKit (CVE-2021-4034) exploit for local privilege escalation. The script compiles a C-based PoC and executes it to attempt privilege escalation, verifying success by checking root access and reading files in the root directory.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: GCC installed · CVE-2021-4034-poc.c file present in the same directory
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Z3R0space · poc
https://github.com/Z3R0space/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec component. The exploit leverages improper environment variable handling to achieve arbitrary code execution as root via a crafted shared object and gconv-modules file.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (pkexec) on Unix-like systems
No auth needed
Prerequisites: Local access to the target system · GCC compiler installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
nomisec WORKING POC
by Z3R0-0x30 · local
https://github.com/Z3R0-0x30/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec component. The exploit leverages improper environment variable handling to achieve arbitrary code execution as root via a crafted shared object and gconv-modules file.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · GCC compiler installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by AsierEgana · local
https://github.com/AsierEgana/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and a malicious shared library.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit pkexec (versions before 0.120)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by ikerSandoval003 · local
https://github.com/ikerSandoval003/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and uses a malicious shared library to spawn a root shell.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by marcosChoucino · poc
https://github.com/marcosChoucino/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), demonstrating local privilege escalation via environment variable manipulation in pkexec. The attack involves setting malicious environment variables to trigger arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec version
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by igonzalez357 · local
https://github.com/igonzalez357/CVE-2021-4034-PwnKit-

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), demonstrating a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation to load a malicious shared library, granting root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by nagorealbisu · local
https://github.com/nagorealbisu/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by 12bijaya · local
https://github.com/12bijaya/CVE-2021-4034-PwnKit-

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), which leverages a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and creates a malicious shared library to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to the target system · gcc installed for compilation
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec STUB
by dh4r4 · poc
https://github.com/dh4r4/PwnKit-CVE-2021-4034-

The repository contains only a minimal README with no exploit code or technical details. It claims to be a rewrite of the Polkit vulnerability but lacks any substantive content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Polkit
No auth needed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by EuJin03 · local
https://github.com/EuJin03/CVE-2021-4034-PoC

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec STUB
by zxybfq · poc
https://github.com/zxybfq/CVE-2021-4034

The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It appears to be a placeholder or incomplete repository.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by ps-interactive · local
https://github.com/ps-interactive/lab_cve-2021-4034-polkit-emulation-and-detection

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) version 0.105
No auth needed
Prerequisites: Local access to a vulnerable system · Ability to compile and execute Python code
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by evkl1d · local
https://github.com/evkl1d/CVE-2021-4034

This is a functional Python exploit for CVE-2021-4034 (PwnKit), leveraging environment variable manipulation and a malicious shared object to achieve local privilege escalation via pkexec. The exploit follows the original C implementation by blasty, using ctypes to call execve() with crafted environment variables.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Ability to write files in a directory where pkexec is executed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WRITEUP
by LucasPDiniz · local
https://github.com/LucasPDiniz/CVE-2021-4034

This repository provides a detailed technical analysis of CVE-2021-4034 (PwnKit), explaining the out-of-bounds write vulnerability in pkexec due to improper argument handling, which allows local privilege escalation. It includes a walkthrough of the exploit mechanism and references an external exploit script.

Classification
Writeup 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (pkexec) versions 0.105 and earlier
No auth needed
Prerequisites: Local access to a vulnerable Linux system with Polkit installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by X-Projetion · local
https://github.com/X-Projetion/Exploiting-PwnKit-CVE-2021-4034-

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Presence of pkexec in /usr/bin/
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by supportingmx · poc
https://github.com/supportingmx/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared object to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on various Linux distributions
No auth needed
Prerequisites: Local access to a vulnerable system · Ability to execute commands
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Part01-Pai · poc
https://github.com/Part01-Pai/Polkit-Permission-promotion-compiled

This repository contains a compiled exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The exploit leverages improper environment variable handling to execute arbitrary code with root privileges via a malicious shared library (pwnkit.so).

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Polkit (pkexec) on systems with glibc 2.23 (e.g., Ubuntu 16.04.7)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable Polkit version
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WRITEUP
by ASG-CASTLE · poc
https://github.com/ASG-CASTLE/CVE-2021-4034

The repository describes CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec utility due to incorrect handling of environment variables, allowing arbitrary code execution. It lacks actual exploit code but provides a technical overview of the vulnerability.

Classification
Writeup 80%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version not specified)
No auth needed
Prerequisites: Local access to the target system · pkexec installed and vulnerable
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by FancySauce · local
https://github.com/FancySauce/PwnKit-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (PolicyKit) version 0.105
No auth needed
Prerequisites: gcc compiler on the target system · SUID binary /usr/bin/pkexec present
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Pol-Ruiz · local
https://github.com/Pol-Ruiz/CVE-2021-4034

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages improper environment variable handling to execute arbitrary code with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: pkexec (part of polkit) on Linux systems
No auth needed
Prerequisites: Local access to a vulnerable Linux system with pkexec installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by cerodah · local
https://github.com/cerodah/CVE-2021-4034

This repository contains a functional proof-of-concept exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to a vulnerable Linux system with polkit installed · GCC compiler to build the shared library
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by JohnGilbert57 · local
https://github.com/JohnGilbert57/CVE-2021-4034-Capture-the-flag

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation (LPE) via environment variable manipulation and malicious gconv-modules configuration.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by asepsaepdin · local
https://github.com/asepsaepdin/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec utility. The exploit leverages incorrect handling of environment variables to execute arbitrary code with elevated privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the fix)
No auth needed
Prerequisites: gcc · make · access to a vulnerable system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC
by velikrgl · cpoc
https://github.com/velikrgl/CVE-Exploits/tree/main/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and a malicious shared library.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · compilation of the provided C files
devstral-2 · analyzed Apr 29, 2026 Full analysis →
nomisec WORKING POC
by pyhrr0 · poc
https://github.com/pyhrr0/pwnkit

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious gconv module to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to the target system · Presence of pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by fei9747 · local
https://github.com/fei9747/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) < 0.120
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to compile C code
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by galoget · local
https://github.com/galoget/PwnKit-CVE-2021-4034

This repository contains a functional proof-of-concept exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to the target system · gcc installed on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by toecesws · poc
https://github.com/toecesws/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The PHP script appears to be an obfuscated payload designed to exploit the vulnerability by manipulating environment variables to achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) versions before 0.120
No auth needed
Prerequisites: Local access to a vulnerable system · Presence of pkexec in the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by antoinenguyen-09 · local
https://github.com/antoinenguyen-09/CVE-2021-4034

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious gconv module to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to a vulnerable system · gcc and make for compilation
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Geni0r · poc
https://github.com/Geni0r/cve-2021-4034-poc

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) versions before 0.120
No auth needed
Prerequisites: Local access to the target system · gcc installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by Silencecyber · poc
https://github.com/Silencecyber/cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and a malicious shared library. The exploit creates a fake gconv module directory and executes pkexec with crafted environment variables to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version < 0.122)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by HellGateCorp · local
https://github.com/HellGateCorp/pwnkit

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious gconv module to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to a vulnerable system · Presence of pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
github WORKING POC
by CaraTortu · pythonpoc
https://github.com/CaraTortu/CVE_POCs/tree/main/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a pre-compiled shared object to gain root access on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to a vulnerable system · Python 3 environment
devstral-2 · analyzed Apr 29, 2026 Full analysis →
nomisec WORKING POC
by CronoX1 · local
https://github.com/CronoX1/CVE-2021-4034

This exploit leverages CVE-2021-4034 (PwnKit) to achieve local privilege escalation by manipulating environment variables and abusing pkexec's handling of the GCONV_PATH variable. It compiles a shared library to spawn a root shell and modifies system configurations to grant sudo privileges to a specified user.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · GCC or equivalent compiler to build the exploit
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec SUSPICIOUS
by TanmoyG1800 · poc
https://github.com/TanmoyG1800/CVE-2021-4034

The repository contains no exploit code or technical details, only a vague README with a claim to 'get root.' This is characteristic of a social engineering lure.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by 0x4ndy · local
https://github.com/0x4ndy/CVE-2021-4034-PoC

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Local access to a vulnerable system · Presence of pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by TotallyNotAHaxxer · local
https://github.com/TotallyNotAHaxxer/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before 0.120)
No auth needed
Prerequisites: Local access to the target system · Presence of pkexec binary
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec WORKING POC
by tzwlhack · local
https://github.com/tzwlhack/CVE-2021-4034

This is a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and the GCONV_PATH to execute arbitrary code with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
github SUSPICIOUS
by venkyr · cpoc
https://github.com/venkyr/cve-pocs/tree/main/CVE-2021-4034

The repository lacks actual exploit code and instead directs users to clone and execute an external repository, which is a common tactic for distributing malware or fake exploits. No technical details about CVE-2021-4034 are provided.

Classification
Suspicious 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: pkexec (Polkit)
No auth needed
Prerequisites: access to a vulnerable system
devstral-2 · analyzed Apr 29, 2026 Full analysis →
vulncheck_xdb WORKING POC
remote
https://github.com/milot/dissecting-pkexec-cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.120)
No auth needed
Prerequisites: Local access to the target system · gcc compiler to compile the exploit
devstral-2 · analyzed Feb 26, 2026 Full analysis →
vulncheck_xdb WORKING POC
remote
https://github.com/0x05a/my-cve-2021-4034-poc

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging environment variable manipulation to achieve local privilege escalation via pkexec. The exploit creates a malicious gconv module and executes it with elevated privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: local access to the target system · ability to compile and execute the exploit
devstral-2 · analyzed Feb 26, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/deep-know/CVE-2021-4034

This repository contains functional exploit code for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (pkexec) versions 0.92 to 0.120
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/TomSgn/CVE-2021-4034

This is a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and GCONV_PATH to execute arbitrary code with root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/nel0x/pwnkit-vulnerability

The repository contains a functional exploit for CVE-2021-4034, a memory corruption vulnerability in Polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit pkexec (default configuration)
No auth needed
Prerequisites: gcc · vulnerable pkexec binary · write permissions in the current directory
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/edsonjt81/CVE-2021-4034-Linux

This repository contains a functional proof-of-concept exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the fix)
No auth needed
Prerequisites: gcc · access to a vulnerable system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/ITMarcin2211/Polkit-s-Pkexec-CVE-2021-4034

This repository contains a functional proof-of-concept exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and the gconv module to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: gcc · access to a vulnerable system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/defhacks/cve-2021-4034

This repository contains a functional Rust-based exploit for CVE-2021-4034 (PwnKit), which leverages environment variable manipulation and a malicious shared library to achieve local privilege escalation via pkexec. The exploit includes a setup script to download a vulnerable version of pkexec and prepares the necessary files for exploitation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.105-26ubuntu1.2)
No auth needed
Prerequisites: vulnerable pkexec binary · ability to compile Rust code · write access to a directory where the malicious library can be placed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Jesrat/make_me_root

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: gcc · local access to the vulnerable system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Squirre17/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation via environment variable manipulation and a malicious shared library.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: gcc · access to a vulnerable system with pkexec
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/movvamrocks/PwnKit-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Tanmay-N/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: access to a vulnerable system with pkexec installed · ability to compile and execute the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/LJP-TW/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in polkit's pkexec to achieve local privilege escalation via environment variable manipulation and a malicious shared library.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · compilation of the malicious shared library
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/ck00004/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared object to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/x04000/AutoPwnkit

This repository contains a Python script that automates the exploitation of CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The script provides a menu-driven interface to fetch, compile, and execute the exploit, as well as host an HTTP server for file transfer.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to a vulnerable Linux system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/x04000/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Access to a vulnerable Linux system with pkexec installed · Ability to compile C code on the target system
devstral-2 · analyzed Apr 29, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/DanaEpp/pwncat_pwnkit

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit automates the compilation and execution of a malicious shared library to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
Auth required
Prerequisites: Local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/an0n7os/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · compilation tools (gcc, make)
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/FDlucifer/Pwnkit-go

This repository contains a functional Go-based exploit for CVE-2021-4034 (PwnKit), which achieves local privilege escalation via a vulnerability in polkit's pkexec. The exploit dynamically sets up a malicious GCONV_PATH environment variable to execute arbitrary code as root, and includes a bind shell for post-exploitation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: local access to a vulnerable system · pkexec binary present and vulnerable
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Joffr3y/Polkit-CVE-2021-4034-HLP

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · gcc and make for compilation
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/drapl0n/pwnKit

This repository provides a USB-Rubber-Ducky payload that exploits CVE-2021-4034 (pwnKit) for local privilege escalation on Unix-like systems. It includes two payload variations (online/offline) to compile and execute the exploit, spawning a root shell.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Unix-like systems
No auth needed
Prerequisites: physical access or USB-Rubber-Ducky deployment · victim system with vulnerable polkit version
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/G01d3nW01f/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), which is a local privilege escalation vulnerability in pkexec. The script compiles a C-based exploit into a shared object file and serves it via an HTTP server for remote retrieval.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: gcc · network access to serve the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Ankit-Ojha16/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · compilation tools (gcc, make)
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/HrishitJoshi/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious gconv module to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: gcc · vulnerable pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/scent2d/PoC-CVE-2021-4034

This PoC exploits CVE-2021-4034 (PwnKit) by manipulating the GCONV_PATH environment variable to execute arbitrary code with root privileges via pkexec. It creates a malicious shared library and leverages improper environment variable handling in polkit's pkexec.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: gcc · presence of pkexec on the system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/teelrabbit/Polkit-pkexec-exploit-for-Linux

This is a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. It leverages environment variable manipulation and a malicious shared library to gain root access via improper handling of the GCONV_PATH variable.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: gcc · local user access
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Almorabea/pkexec-exploit

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a crafted shared library to achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: local access to the target system · ability to compile and execute Python scripts
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/navisec/CVE-2021-4034-PwnKit

This repository contains a functional Nim-based exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (CVE-2021-4034)
No auth needed
Prerequisites: Local access to a vulnerable system · Presence of pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/0x01-sec/CVE-2021-4034-

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before 0.122)
No auth needed
Prerequisites: gcc · access to a vulnerable system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/OXDBXKXO/ez-pwnkit

This repository contains a functional Go-based exploit for CVE-2021-4034 (PwnKit), leveraging a malicious shared library to achieve local privilege escalation via pkexec. The exploit uses environment variable manipulation and a crafted gconv module to execute arbitrary commands as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to write files to a temporary directory
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/TW-D/PwnKit-Vulnerability_CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version 0.105)
No auth needed
Prerequisites: gcc · access to a vulnerable Linux system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/v-rzh/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging an environment variable manipulation vulnerability in pkexec to achieve local privilege escalation. The exploit includes detailed technical analysis in the README, explaining the root cause and the role of the GIO_USE_VFS environment variable.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions prior to commit daf3d5c2d15466a267221fcb099c59c870098e03)
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to compile and execute the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/glowbase/PwnKit-CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec utility. The exploit leverages environment variable manipulation to execute arbitrary code with elevated privileges, including a compiled C exploit and a shell script for user creation and password setting.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.105-26ubuntu1.1 and 0.117-2)
No auth needed
Prerequisites: local access to the target system · gcc compiler for building the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Kirill89/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec. The exploit leverages environment variable manipulation to inject a malicious shared library, which is then executed with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit (policykit-1) versions 0.105-26ubuntu1 and earlier
No auth needed
Prerequisites: Local access to a vulnerable system · GCC to compile the exploit components
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Rvn0xsy/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation to execute arbitrary code with root privileges, adding a new user 'rooter' with sudo access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: Local access to the target system · Presence of pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/oreosec/pwnkit

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit manipulates environment variables and leverages a malicious gconv module to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · gcc compiler
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Yakumwamba/POC-CVE-2021-4034

This repository contains a functional proof-of-concept exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the vulnerable system · gcc to compile the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/JoyGhoshs/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges via pkexec.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the fix)
No auth needed
Prerequisites: gcc · access to a vulnerable system · network connectivity for reverse shell (optional)
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/jpmcb/pwnkit-go

This repository contains a functional Go-based exploit for CVE-2021-4034 (PwnKit), which leverages a memory corruption vulnerability in pkexec to achieve local privilege escalation. The exploit creates a malicious shared library and manipulates environment variables to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: gcc · vulnerable polkit version
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/pengalaman-1t/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · vulnerable version of polkit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/EstamelGG/CVE-2021-4034-NoGCC

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The PoC leverages environment variable manipulation and a crafted shared object to achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec), versions before 0.120
No auth needed
Prerequisites: local access to the target system · compiler to build the PoC
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Fato07/Pwnkit-exploit

This repository contains multiple functional exploits for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploits leverage environment variable manipulation and malicious shared libraries to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to the target system · gcc or equivalent compiler for building the shared library
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/deoxykev/CVE-2021-4034-Rust

This repository contains a functional Rust implementation of the CVE-2021-4034 (PwnKit) local privilege escalation exploit. It leverages the vulnerability in polkit's pkexec to gain root access by manipulating environment variables and creating malicious shared objects in /dev/shm.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) before 2022-01-12
No auth needed
Prerequisites: pkexec with SUID bit set · unpatched system (pre-2022-01-12)
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/DosAmp/pkwned

This repository contains a functional proof-of-concept exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation (LPE) via manipulation of the GCONV_PATH environment variable and a malicious gconv module. The exploit includes multiple components such as a FUSE filesystem to bypass logging and a payload executor to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit) on systems with vulnerable glibc
No auth needed
Prerequisites: vulnerable version of pkexec · glibc with vulnerable g_find_program_in_path · ability to compile and execute the exploit components
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Plethore/CVE-2021-4034

This Python script exploits CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. It compiles a shared object file to manipulate environment variables and execute arbitrary commands with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: gcc · local access to the target system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/luckythandel/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in polkit's pkexec to achieve local privilege escalation via environment variable manipulation and a malicious gconv module.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: gcc · access to a vulnerable system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/NiS3x/CVE-2021-4034

This repository contains a functional Proof of Concept (PoC) for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the fix)
No auth needed
Prerequisites: gcc · access to a vulnerable system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/nikip72/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · ability to write files in a directory
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/ashutoshrohilla/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · gcc installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Al1ex/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the patch)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/callrbx/pkexec-lpe-poc

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec. The exploit leverages a race condition and environment variable manipulation to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: pkexec (part of polkit)
No auth needed
Prerequisites: gcc · make · access to a vulnerable system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/vilasboasph/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the vulnerable system · compilation tools (make, gcc)
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/phvilasboas/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: access to a vulnerable system with pkexec installed · ability to compile and execute the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Anonymous-Family/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before 0.122)
No auth needed
Prerequisites: gcc · access to a vulnerable system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/luijait/PwnKit-Exploit

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a memory corruption vulnerability in pkexec to achieve local privilege escalation (LPE) by manipulating environment variables and executing arbitrary code with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: Access to a vulnerable system with pkexec installed · Ability to compile and execute the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/joeammond/CVE-2021-4034

This repository contains a functional Python exploit for CVE-2021-4034 (PwnKit), which leverages a vulnerability in polkit's pkexec to achieve local privilege escalation. The exploit uses environment variable manipulation and a crafted shared library to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · ability to execute Python scripts
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/robemmerson/CVE-2021-4034

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The PoC leverages environment variable manipulation and the GCONV_PATH mechanism to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.105-26ubuntu1.1)
No auth needed
Prerequisites: vulnerable version of polkit/pkexec · local user access
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/whokilleddb/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages an out-of-bounds write in argv[] to gain root privileges by manipulating environment variables and loading a malicious shared library.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (all versions)
No auth needed
Prerequisites: local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/sunny0day/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), which leverages a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and creates a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · gcc installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/PeterGottesman/pwnkit-exploit

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable injection and a malicious shared object to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: vulnerable version of pkexec · local access to the system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/fdellwing/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) versions before 0.105-26ubuntu1.1
No auth needed
Prerequisites: gcc · build-essential · vulnerable polkit version
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/san3ncrypt3d/CVE-2021-4034-POC

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit's pkexec (versions before the fix)
No auth needed
Prerequisites: local access to the target system · gcc installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/c3l3si4n/pwnkit

This repository contains a functional proof-of-concept exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit manipulates environment variables and leverages a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · gcc compiler installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/moldabekov/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), which leverages a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and file paths to execute arbitrary code with root privileges, specifically removing the SUID bit from /usr/bin/pkexec.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version < 0.122)
No auth needed
Prerequisites: local access to the target system · pkexec installed with SUID bit set
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/aus-mate/CVE-2021-4034-POC

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-4034 (PwnKit). The exploit leverages a vulnerability in pkexec to execute arbitrary code with root privileges by manipulating environment variables and the GCONV_PATH mechanism.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: gcc · access to a vulnerable system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/LukeGix/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and the GCONV_PATH to execute arbitrary code with elevated privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: local access to the target system · pkexec SUID binary present
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Nero22k/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec)
No auth needed
Prerequisites: local access to the target system · compilation of the shared library (ezpwn.so)
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/N1et/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (version before 0.120)
No auth needed
Prerequisites: local access to the target system · gcc compiler
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/kimusan/pkwner

This repository contains functional exploit code for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec. The PoC leverages environment variable manipulation and a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Polkit pkexec (versions before the fix)
Auth required
Prerequisites: Local user access · Presence of vulnerable pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Immersive-Labs-Sec/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The exploit manipulates environment variables and leverages a malicious gconv module to execute arbitrary code with elevated privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to the target system · GCC compiler to build the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/zhzyker/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared object to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: local access to the target system · gcc compiler to build the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/wongwaituck/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging an out-of-bounds write in pkexec to achieve local privilege escalation via environment variable manipulation and LD_PRELOAD injection.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit pkexec (all versions)
No auth needed
Prerequisites: gcc · make · access to a vulnerable system with pkexec
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/ayypril/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and uses a malicious shared library to gain root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (polkit)
No auth needed
Prerequisites: gcc · access to a vulnerable system with pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/An00bRektn/CVE-2021-4034

This repository contains a functional Go implementation of CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. The exploit leverages an out-of-bounds write and environment variable manipulation to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) before version 0.120
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec with SUID bit set
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Ayrx/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a race condition in pkexec to achieve local privilege escalation (LPE) by manipulating environment variables and executing a malicious shared library.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: pkexec (part of polkit)
No auth needed
Prerequisites: gcc · presence of pkexec on the target system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/mebeim/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in Polkit's pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Polkit pkexec (policykit-1 <= 0.105-31)
No auth needed
Prerequisites: Vulnerable pkexec binary · GCC for compilation
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/nikaiw/CVE-2021-4034

This is a functional exploit for CVE-2021-4034 (PwnKit), leveraging a vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and the GCONV_PATH to execute arbitrary code with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to the target system · Presence of pkexec on the system
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/dzonerzy/poc-cve-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious gconv module to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/Audiobahn/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · gcc to compile the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/gbrsh/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034 (PwnKit), leveraging a memory corruption vulnerability in pkexec to achieve local privilege escalation. The exploit manipulates environment variables and uses a malicious shared library to gain root access.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · gcc compiler to build the exploit
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/clubby789/CVE-2021-4034

This PoC exploits CVE-2021-4034 (PwnKit) by manipulating environment variables to execute arbitrary code via pkexec. It creates a malicious shared object and gconv-modules file to achieve local privilege escalation.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: polkit (pkexec) on Linux systems
No auth needed
Prerequisites: Local access to the target system · Presence of pkexec binary
devstral-2 · analyzed Feb 25, 2026 Full analysis →
vulncheck_xdb WORKING POC
local
https://github.com/ryaagard/CVE-2021-4034

This repository contains a functional exploit for CVE-2021-4034, a local privilege escalation vulnerability in pkexec. The exploit leverages environment variable manipulation and a malicious shared library to gain root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: pkexec (part of polkit)
No auth needed
Prerequisites: local access to the target system · pkexec installed
devstral-2 · analyzed Feb 25, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Qualys Security, Andris Raugulis, Dhiraj Mishra, bwatters-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2021_4034_pwnkit_lpe_pkexec.rb

This Metasploit module exploits CVE-2021-4034 (PwnKit), a local privilege escalation vulnerability in polkit's pkexec. It leverages improper environment variable handling to execute arbitrary code as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: polkit pkexec (versions before 0.122)
No auth needed
Prerequisites: Local access to a vulnerable system · pkexec binary with setuid bit set
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Exploit, Mitigation, Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Scores

CVSS v3 7.8
EPSS 0.9492
EPSS Percentile 99.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull vulhub/polkit:0.105
+165 more repos

Details

CISA KEV 2022-06-27
VulnCheck KEV 2022-06-07
InTheWild.io 2022-06-27
ENISA EUVD EUVD-2021-33934
Ransomware Use Confirmed
CWE
CWE-125 CWE-787
Status published
Products (50)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 21.10
oracle/http_server 12.2.1.3.0
oracle/http_server 12.2.1.4.0
oracle/zfs_storage_appliance_kit 8.8
polkit_project/polkit < 121
redhat/enterprise_linux 8.0
... and 40 more
Published Jan 28, 2022
KEV Added Jun 27, 2022
Tracked Since Feb 18, 2026