CVE-2025-26686

HIGH

Windows TCP/IP < - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-26686. PoCs published by mrk336, cyghtinc.

AI-analyzed exploit summary The repository provides a detailed writeup on CVE-2025-26686, a critical RCE vulnerability in the Windows TCP/IP stack due to a missing spin-lock in tcpip.sys. It includes technical analysis, pseudo-code examples, and mitigation steps but lacks actual exploit code.

Description

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Exploits (2)

nomisec WRITEUP 32 stars

by mrk336 · poc

https://github.com/mrk336/CVE-2025-26686-The-TCP-IP-Flaw-That-Opens-the-Gates

View Code ZIP pw:eip

The repository provides a detailed writeup on CVE-2025-26686, a critical RCE vulnerability in the Windows TCP/IP stack due to a missing spin-lock in tcpip.sys. It includes technical analysis, pseudo-code examples, and mitigation steps but lacks actual exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Windows 10, 11, and Server editions (TCP/IP stack)

No auth needed

Prerequisites: Network access to the target system · Ability to send crafted TCP packets

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec STUB

by cyghtinc · poc

https://github.com/cyghtinc/CVE-2025-26686-poc-A-critical-RCE-vulnerability-in-Windows-TCP-IP-stack

View Code ZIP pw:eip

The repository contains only a README.md with no actual exploit code, claiming a critical RCE vulnerability in the Windows TCP/IP stack but providing no technical details or PoC implementation.

Classification

Stub 90%

Attack Type

Rce

Complexity

Theoretical

Reliability

Theoretical

Target: Windows TCP/IP stack (version unspecified)

No auth needed

Prerequisites: None specified

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26686

Scores

CVSS v3 7.5

EPSS 0.0138

EPSS Percentile 68.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-591

Status published

Products (17)

microsoft/windows_10_1507 < 10.0.10240.20978 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.7969 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.7136 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.5737

microsoft/windows_10_22h2 < 10.0.19045.5737

microsoft/windows_11_22h2 < 10.0.22621.5189

microsoft/windows_11_23h2 < 10.0.22631.5189

microsoft/windows_11_24h2 < 10.0.26100.3775

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

... and 7 more

Published Apr 08, 2025

Tracked Since Feb 18, 2026