EIP-2026-101128

PRE-CVE

Quantum vmPRO 3.1.2 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101128. PoCs published by xistence.

AI-analyzed exploit summary The exploit reveals a hidden backdoor command in Quantum vmPRO 3.1.2 and below, allowing non-admin users to escalate privileges to root via SSH by executing 'shell-escape'. The vulnerability resides in '/usr/local/pancetera/bin/cmd_processor.py', which spawns a root shell without proper authorization checks.

Description

Quantum vmPRO 3.1.2 - Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by xistence · textlocalhardware

https://www.exploit-db.com/exploits/32370

View Code ZIP pw:eip

The exploit reveals a hidden backdoor command in Quantum vmPRO 3.1.2 and below, allowing non-admin users to escalate privileges to root via SSH by executing 'shell-escape'. The vulnerability resides in '/usr/local/pancetera/bin/cmd_processor.py', which spawns a root shell without proper authorization checks.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Quantum vmPRO 3.1.2 and below

Auth required

Prerequisites: SSH access to the target system · Valid non-admin user credentials

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026