EIP-2026-102707

PRE-CVE

OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102707. PoCs published by Denis Andzakovic.

AI-analyzed exploit summary This exploit triggers a use-after-free vulnerability in Openlitespeed 1.3.9 by sending a crafted HTTP request with 91 'a: a' headers, causing a segmentation fault due to a memmove call with a freed pointer.

Description

OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Denis Andzakovic · cdoslinux

https://www.exploit-db.com/exploits/37051

View Code ZIP pw:eip

This exploit triggers a use-after-free vulnerability in Openlitespeed 1.3.9 by sending a crafted HTTP request with 91 'a: a' headers, causing a segmentation fault due to a memmove call with a freed pointer.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Openlitespeed 1.3.9

No auth needed

Prerequisites: Openlitespeed 1.3.9 running on a target system · Network access to the target server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026