EIP-2026-103974

PRE-CVE

Lynx 2.8 - Remote Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103974. PoCs published by Michal Zalewski.

AI-analyzed exploit summary The vulnerability is a buffer overflow in Lynx's built-in mailer due to improper handling of long email addresses in 'mailto:' URLs. The exploit involves crafting a hyperlink with an excessively long email address (over 2 kB of 'A's) to trigger the overflow in LMail.c.

Description

Lynx 2.8 - Remote Buffer Overflow

Exploits (1)

exploitdb WRITEUP VERIFIED

by Michal Zalewski · textremotemultiple

https://www.exploit-db.com/exploits/19081

View Code ZIP pw:eip

The vulnerability is a buffer overflow in Lynx's built-in mailer due to improper handling of long email addresses in 'mailto:' URLs. The exploit involves crafting a hyperlink with an excessively long email address (over 2 kB of 'A's) to trigger the overflow in LMail.c.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Lynx (version not specified)

No auth needed

Prerequisites: Victim must follow a crafted 'mailto:' hyperlink

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026