EIP-2026-103671

PRE-CVE

Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103671. PoCs published by Marc Schoenefeld.

AI-analyzed exploit summary:

This exploit leverages a NULL pointer dereference in methods of the Java Virtual Machine's java.util.zip classes, which cause a denial of service (DoS) when called with NULL parameters. The proof-of-concept uses an XSLT template to trigger the vulnerability via the sun.misc.MessageUtils.toStdout method.


Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Marc Schoenefeld · dos · multiple
https://www.exploit-db.com/exploits/22359


Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Java Virtual Machine (JVM) implementations, specifically Java 1.4.2
No auth needed
Prerequisites: Java 1.4.2 or vulnerable JVM implementation · Ability to execute XSLT processing with the provided files
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026