EIP-2026-103854

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103854. PoCs published by sud0woodo.

AI-analyzed exploit summary This exploit leverages the Apache UNO API to achieve unauthenticated remote code execution (RCE) by connecting to a vulnerable LibreOffice/OpenOffice instance running the ServiceManager on an external interface. It uses the SystemShellExecute component to execute arbitrary commands (e.g., calc.exe).

Description

Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by sud0woodo · pythonremotemultiple

https://www.exploit-db.com/exploits/46544

View Code ZIP pw:eip

This exploit leverages the Apache UNO API to achieve unauthenticated remote code execution (RCE) by connecting to a vulnerable LibreOffice/OpenOffice instance running the ServiceManager on an external interface. It uses the SystemShellExecute component to execute arbitrary commands (e.g., calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: LibreOffice 6.1.2, OpenOffice 4.1.6 (and other versions with UNO API)

No auth needed

Prerequisites: Target must run LibreOffice/OpenOffice with ServiceManager exposed on an external interface (e.g., via `soffice --accept='socket,host=0.0.0.0,port=2002;urp;StarOffice.Service'`)

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution

Exploitation Summary

Description

Exploits (1)

Details