EIP-2026-102835

PRE-CVE

expect (/usr/bin/expect) - Local Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102835. PoCs published by isox.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the 'expect' utility (versions 5.31.8 and 5.28.1) by overflowing the HOME environment variable. It includes shellcode to spawn a shell and allows adjustment of the return address for different systems.

Description

expect (/usr/bin/expect) - Local Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by isox · clocallinux

https://www.exploit-db.com/exploits/218

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the 'expect' utility (versions 5.31.8 and 5.28.1) by overflowing the HOME environment variable. It includes shellcode to spawn a shell and allows adjustment of the return address for different systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: expect (5.31.8, 5.28.1)

No auth needed

Prerequisites: Access to execute the binary on a vulnerable system · Ability to set environment variables

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026