EIP-2026-100008

PRE-CVE

IBM AIX 3.2.5 - 'IFS' Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100008. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages an older AIX vulnerability where manipulating the IFS environment variable allows execution of arbitrary commands via setuid root programs using system() or popen(). The script creates a malicious directory structure and uses rmail to gain elevated privileges.

Description

IBM AIX 3.2.5 - 'IFS' Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · bashlocalaix

https://www.exploit-db.com/exploits/19344

View Code ZIP pw:eip

This exploit leverages an older AIX vulnerability where manipulating the IFS environment variable allows execution of arbitrary commands via setuid root programs using system() or popen(). The script creates a malicious directory structure and uses rmail to gain elevated privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: AIX 3.2 rmail

No auth needed

Prerequisites: Access to an AIX 3.2 system with rmail installed · Ability to execute scripts on the target system

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026