EIP-2026-101356

PRE-CVE

MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101356. PoCs published by Lorenzo Santina.

AI-analyzed exploit summary This is a functional exploit for a stack clash vulnerability in Mikrotik RouterOS, leveraging ROP chains and shellcode execution to achieve remote code execution (RCE). The exploit targets the 'jsproxy' endpoint and is designed for RouterOS 6.38.4 on MIPSBE architecture.

Description

MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by Lorenzo Santina · pythonremotehardware

https://www.exploit-db.com/exploits/44283

View Code ZIP pw:eip

This is a functional exploit for a stack clash vulnerability in Mikrotik RouterOS, leveraging ROP chains and shellcode execution to achieve remote code execution (RCE). The exploit targets the 'jsproxy' endpoint and is designed for RouterOS 6.38.4 on MIPSBE architecture.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Mikrotik RouterOS 6.38.4

No auth needed

Prerequisites: Network access to the target device · Vulnerable version of RouterOS (6.38.4)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026