EIP-2026-102926

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102926. PoCs published by LIWEI.

AI-analyzed exploit summary This exploit demonstrates a heap buffer overflow in Mini-XML 3.2 via the `mxml_string_getc` function, which fails to verify string length, leading to a crash. The PoC uses a fuzzer to trigger the vulnerability by parsing a malformed string with `mxmlLoadString`.

Description

Mini-XML 3.2 - Heap Overflow

Exploits (1)

exploitdb WORKING POC

by LIWEI · clocallinux

https://www.exploit-db.com/exploits/50465

View Code ZIP pw:eip

This exploit demonstrates a heap buffer overflow in Mini-XML 3.2 via the `mxml_string_getc` function, which fails to verify string length, leading to a crash. The PoC uses a fuzzer to trigger the vulnerability by parsing a malformed string with `mxmlLoadString`.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Mini-XML v3.2

No auth needed

Prerequisites: Mini-XML 3.2 compiled with AddressSanitizer · Fuzzer setup to trigger the heap overflow

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Mini-XML 3.2 - Heap Overflow

Exploitation Summary

Description

Exploits (1)

Details