EIP-2026-104024

PRE-CVE

Oracle 10g - Multiple Privilege Escalation Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104024. PoCs published by David Litchfield.

AI-analyzed exploit summary This Metasploit module exploits a privilege escalation vulnerability in Oracle Database's DBMS_JVM_EXP_PERMS package, allowing any user with CREATE SESSION privilege to grant themselves Java IO permissions and execute arbitrary OS commands with SYSTEM privileges. It works on Oracle Database 10gR2, 11gR1, and 11gR2 (Windows only).

Description

Oracle 10g - Multiple Privilege Escalation Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by David Litchfield · rubyremotemultiple

https://www.exploit-db.com/exploits/33600

View Code ZIP pw:eip

This Metasploit module exploits a privilege escalation vulnerability in Oracle Database's DBMS_JVM_EXP_PERMS package, allowing any user with CREATE SESSION privilege to grant themselves Java IO permissions and execute arbitrary OS commands with SYSTEM privileges. It works on Oracle Database 10gR2, 11gR1, and 11gR2 (Windows only).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database 10gR2, 11gR1, 11gR2

Auth required

Prerequisites: Oracle Database with vulnerable DBMS_JVM_EXP_PERMS package · User with CREATE SESSION privilege

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026