EIP-2026-103807

PRE-CVE

Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103807. PoCs published by Tomasz Grabowski.

AI-analyzed exploit summary This exploit leverages improper handling of environment variables in LSF 5.1's 'lsadmin' binary to execute arbitrary code with elevated privileges. It sets LSF_SERVERDIR to the current directory, allowing the attacker to execute a malicious binary ('lim') as root, which then reads and outputs the first line of /etc/shadow.

Description

Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tomasz Grabowski · bashlocalmultiple

https://www.exploit-db.com/exploits/22628

View Code ZIP pw:eip

This exploit leverages improper handling of environment variables in LSF 5.1's 'lsadmin' binary to execute arbitrary code with elevated privileges. It sets LSF_SERVERDIR to the current directory, allowing the attacker to execute a malicious binary ('lim') as root, which then reads and outputs the first line of /etc/shadow.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Load Sharing Facility (LSF) 5.1

No auth needed

Prerequisites: Local access to the system · LSF 5.1 installed with vulnerable 'lsadmin' binary

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026