Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-0776. PoCs published by 0x18F.
AI-analyzed exploit summary
This repository contains a functional PoC for CVE-2026-0776, demonstrating an uncontrolled search path element vulnerability in Discord's Node.js module resolution. The exploit deploys a malicious 'utf-8-validate.js' module to a predictable path, which Discord loads and executes when launched.
Description
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the discord_rpc module. The product loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-27057.
Exploits (1)
References (1)
Scores
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H