EIP-2026-103710

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103710. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in WebKit's handling of shadow DOM elements, allowing an attacker to leak internal elements and manipulate them to achieve arbitrary code execution. The PoC demonstrates how an attacker can access and repurpose a SliderThumbElement from an input element's shadow DOM.

Description

WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldosmultiple

https://www.exploit-db.com/exploits/47452

View Code ZIP pw:eip

This exploit leverages a type confusion vulnerability in WebKit's handling of shadow DOM elements, allowing an attacker to leak internal elements and manipulate them to achieve arbitrary code execution. The PoC demonstrates how an attacker can access and repurpose a SliderThumbElement from an input element's shadow DOM.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebKit revision 246194, Safari version 12.1.1 (14607.2.6.1.1)

No auth needed

Prerequisites: Victim must visit a malicious webpage · WebKit-based browser (e.g., Safari)

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment

Exploitation Summary

Description

Exploits (1)

Details