EIP-2026-104089

PRE-CVE

Sun Java Virtual Machine 1.x - 'Font.createFont' Method Insecure Temporary File Creation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104089. PoCs published by Jelmer.

AI-analyzed exploit summary This exploit demonstrates an insecure temporary file creation vulnerability in the Sun Java Virtual Machine via the 'Font.createFont' method. The PoC applet attempts to create a temporary file with a predictable name, which could be exploited in combination with other vulnerabilities to achieve code execution.

Description

Sun Java Virtual Machine 1.x - 'Font.createFont' Method Insecure Temporary File Creation

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jelmer · javaremotemultiple

https://www.exploit-db.com/exploits/24264

View Code ZIP pw:eip

This exploit demonstrates an insecure temporary file creation vulnerability in the Sun Java Virtual Machine via the 'Font.createFont' method. The PoC applet attempts to create a temporary file with a predictable name, which could be exploited in combination with other vulnerabilities to achieve code execution.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Sun Java Virtual Machine (versions affected by CVE-2026-127063)

No auth needed

Prerequisites: Victim must run the malicious Java applet · Java Virtual Machine with the vulnerable 'Font.createFont' method

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026