EIP-2026-102992

PRE-CVE

Shadowsocks - Log File Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102992. PoCs published by X41 D-Sec GmbH.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Shadowsocks, including log file manipulation via crafted hostnames, command execution through unsanitized input in autoban.py, and weak key derivation using MD5. It provides technical analysis, proof-of-concept payloads, and mitigation recommendations.

Description

Shadowsocks - Log File Command Execution

Exploits (1)

exploitdb WRITEUP

by X41 D-Sec GmbH · textlocallinux

https://www.exploit-db.com/exploits/43007

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Shadowsocks, including log file manipulation via crafted hostnames, command execution through unsanitized input in autoban.py, and weak key derivation using MD5. It provides technical analysis, proof-of-concept payloads, and mitigation recommendations.

Classification

Writeup 100%

Attack Type

Rce | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Shadowsocks (latest commit 2ab8c6b on Sep 6, 2017)

No auth needed

Prerequisites: Network access to Shadowsocks server · autoban.py enabled for command execution

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026