EIP-2026-100007

PRE-CVE

AIX 5.1 Bellmail - Local Race Condition

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100007. PoCs published by watercloud.

AI-analyzed exploit summary This exploit leverages a race condition in the bellmail command on AIX 5.1 to change the ownership of any file to the current user. The script repeatedly creates and removes a symlink to the target file while bellmail is running, exploiting the race condition to gain ownership.

Description

AIX 5.1 Bellmail - Local Race Condition

Exploits (1)

exploitdb WORKING POC VERIFIED

by watercloud · textlocalaix

https://www.exploit-db.com/exploits/1001

View Code ZIP pw:eip

This exploit leverages a race condition in the bellmail command on AIX 5.1 to change the ownership of any file to the current user. The script repeatedly creates and removes a symlink to the target file while bellmail is running, exploiting the race condition to gain ownership.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: AIX 5.1 bellmail command

Auth required

Prerequisites: Access to an AIX 5.1 system with bellmail installed · Ability to execute scripts on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026