EIP-2026-103642

PRE-CVE

Python 2.7 - 'array.fromstring' Method Use-After-Free

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103642. PoCs published by John Leitch.

AI-analyzed exploit summary The exploit demonstrates a use-after-free vulnerability in Python 2.7's array.fromstring() method, triggered by passing an array to itself, leading to memory corruption. The PoC repeatedly creates arrays and checks for corruption, confirming the vulnerability.

Description

Python 2.7 - 'array.fromstring' Method Use-After-Free

Exploits (1)

exploitdb WORKING POC

by John Leitch · textdosmultiple

https://www.exploit-db.com/exploits/38616

View Code ZIP pw:eip

The exploit demonstrates a use-after-free vulnerability in Python 2.7's array.fromstring() method, triggered by passing an array to itself, leading to memory corruption. The PoC repeatedly creates arrays and checks for corruption, confirming the vulnerability.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Moderate

Reliability

Racy

Target: Python 2.7

No auth needed

Prerequisites: Python 2.7 environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026