EIP-2026-103916

PRE-CVE

Half-Life ClanMod 1.80/1.81 Plugin - Remote Format String

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103916. PoCs published by [email protected].

AI-analyzed exploit summary This exploit targets a format string vulnerability in the Half-Life ClanMod plugin's 'cm_log' command, allowing RCON-authenticated users to overwrite memory and execute arbitrary code. It binds a shell to port 30464/tcp and includes shellcode for remote command execution.

Description

Half-Life ClanMod 1.80/1.81 Plugin - Remote Format String

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · cremotemultiple

https://www.exploit-db.com/exploits/22139

View Code ZIP pw:eip

This exploit targets a format string vulnerability in the Half-Life ClanMod plugin's 'cm_log' command, allowing RCON-authenticated users to overwrite memory and execute arbitrary code. It binds a shell to port 30464/tcp and includes shellcode for remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Half-Life Server with ClanMod Plugin (v3.1.1.0 and ClanMod 1.81.11)

Auth required

Prerequisites: RCON access to the Half-Life server · ClanMod plugin installed on the server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026