EIP-2026-103712

PRE-CVE

WebKit 532.5 - Stack Exhaustion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103712. PoCs published by Mathias Karlsson.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) condition in WebKit-based browsers (Safari, Chrome) by recursively generating marquee elements, causing excessive resource consumption and browser crash. The exploit leverages rapid DOM manipulation via setInterval to overwhelm the rendering engine.

Description

WebKit 532.5 - Stack Exhaustion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mathias Karlsson · htmldosmultiple

https://www.exploit-db.com/exploits/12401

View Code ZIP pw:eip

This exploit triggers a denial-of-service (DoS) condition in WebKit-based browsers (Safari, Chrome) by recursively generating marquee elements, causing excessive resource consumption and browser crash. The exploit leverages rapid DOM manipulation via setInterval to overwhelm the rendering engine.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: WebKit (AppleWebKit/531.9, 531.21.8, 532.5) in Safari 4.0.3/4.0.4 and Chrome 4.1.249

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting this code

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026