EIP-2026-101669

PRE-CVE

Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101669. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed writeup describing a local privilege escalation vulnerability in Deutsche Bahn Ticket Vending Machines running Windows XP. The exploit involves bypassing kiosk mode via an error message in the PasswordAgent.exe process to gain access to the local file system.

Description

Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappshardware

https://www.exploit-db.com/exploits/47796

View Code ZIP pw:eip

This is a detailed writeup describing a local privilege escalation vulnerability in Deutsche Bahn Ticket Vending Machines running Windows XP. The exploit involves bypassing kiosk mode via an error message in the PasswordAgent.exe process to gain access to the local file system.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Deutsche Bahn Ticket Vending Machine (Windows XP)

No auth needed

Prerequisites: Physical access to the ticket vending machine · Kiosk mode with error message handling enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026