EIP-2026-103706

PRE-CVE

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103706. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details a vulnerability in WebKit's frame handling where an integer overflow in the `m_connectedFrameCount` field allows an attacker to bypass frame detachment checks, leading to a UXSS (Universal Cross-Site Scripting) condition. The root cause is the lack of validation for empty URLs in `isURLAllowed`, enabling the creation of 1024 frames to trigger the overflow.

Description

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/47552

View Code ZIP pw:eip

The writeup details a vulnerability in WebKit's frame handling where an integer overflow in the `m_connectedFrameCount` field allows an attacker to bypass frame detachment checks, leading to a UXSS (Universal Cross-Site Scripting) condition. The root cause is the lack of validation for empty URLs in `isURLAllowed`, enabling the creation of 1024 frames to trigger the overflow.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: WebKit (Safari 12.1.1)

No auth needed

Prerequisites: Ability to inject or control HTML content in a WebKit-based browser

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026