EIP-2026-102023

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102023. PoCs published by Synacktiv.

AI-analyzed exploit summary This exploit leverages a use-after-free (UAF) vulnerability in a JavaScript engine to achieve arbitrary read/write primitives, likely targeting a browser or JavaScript runtime. It involves heap spraying, memory corruption, and precise memory manipulation to bypass security mechanisms.

Description

Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)

Exploits (1)

exploitdb WORKING POC

by Synacktiv · javascriptwebappshardware

https://www.exploit-db.com/exploits/49308

View Code ZIP pw:eip

This exploit leverages a use-after-free (UAF) vulnerability in a JavaScript engine to achieve arbitrary read/write primitives, likely targeting a browser or JavaScript runtime. It involves heap spraying, memory corruption, and precise memory manipulation to bypass security mechanisms.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Unknown (likely a browser or JavaScript engine, possibly WebKit-based)

No auth needed

Prerequisites: Victim must visit a malicious webpage or execute the JavaScript in a vulnerable environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)

Exploitation Summary

Description

Exploits (1)

Details