EIP-2026-103689

PRE-CVE

Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103689. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in Unreal Engine <= 2.5 by sending a maliciously crafted WELCOME message with an oversized LEVEL parameter. The overflow can lead to remote code execution (RCE) if the attacker controls the shellcode placement.

Description

Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · textdosmultiple
https://www.exploit-db.com/exploits/34261

This exploit targets a stack-based buffer overflow in Unreal Engine <= 2.5 by sending a maliciously crafted WELCOME message with an oversized LEVEL parameter. The overflow can lead to remote code execution (RCE) if the attacker controls the shellcode placement.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unreal Engine 1, 2, and 2.5
No auth needed
Prerequisites: Network access to the target game server · Target game must be based on Unreal Engine <= 2.5
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026