EIP-2026-103322

PRE-CVE

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103322. PoCs published by Jon Stratton.

AI-analyzed exploit summary This Ruby script exploits a vulnerability in Selenium 3.141.59 by creating a malicious Firefox profile that includes a custom handler for 'application/sh' to execute arbitrary shell commands. The exploit leverages the profile overlay feature to inject a base64-encoded zip file containing the malicious configuration.

Description

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

Exploits (1)

exploitdb WORKING POC
by Jon Stratton · rubywebappslinux
https://www.exploit-db.com/exploits/49915

This Ruby script exploits a vulnerability in Selenium 3.141.59 by creating a malicious Firefox profile that includes a custom handler for 'application/sh' to execute arbitrary shell commands. The exploit leverages the profile overlay feature to inject a base64-encoded zip file containing the malicious configuration.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Selenium Server 3.141.59 with Firefox/geckodriver
No auth needed
Prerequisites: Access to Selenium Hub URL · Firefox and geckodriver configured in the target environment
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026