CVE-2026-36228

HIGH

Easy Chat Server 3.1 - Buffer Overflow via Chat Message Functionality

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-36228. PoCs published by NullByte8080.

AI-analyzed exploit summary This repository contains a functional Python-based PoC for CVE-2026-36228, a denial-of-service vulnerability in Easy Chat Server 3.1. The exploit sends an oversized 'mtowho' parameter in a chat message request, causing the server process to crash.

Description

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality

Exploits (1)

github WORKING POC

by NullByte8080 · pythonpoc

https://github.com/NullByte8080/CVE-2026-36228

View Code ZIP pw:eip

This repository contains a functional Python-based PoC for CVE-2026-36228, a denial-of-service vulnerability in Easy Chat Server 3.1. The exploit sends an oversized 'mtowho' parameter in a chat message request, causing the server process to crash.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Easy Chat Server 3.1

Auth required

Prerequisites: Authenticated user session · Access to the chat message endpoint

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed May 22, 2026 Full analysis →

References (2)

Core 2

Core References

http://easy.com

https://github.com/NullByte8080/CVE-2026-36228

Scores

CVSS v3 7.3

EPSS 0.0024

EPSS Percentile 47.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Published May 22, 2026

Tracked Since May 22, 2026