EIP-2026-104578

PRE-CVE

Apple Mac OSX (Lion) Kernel xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104578. PoCs published by Kenzley Alphonse.

AI-analyzed exploit summary: This exploit leverages a stack overflow vulnerability in the `nfs_convert_old_nfs_args` function in the Mac OS X Lion kernel (xnu-1699.32.7 and earlier) to escalate privileges. It crafts a malicious NFS mount request with an oversized buffer to overwrite the stack and redirect execution to shellcode that sets the UID to 0.

Exploits (1)

exploitdb WORKING POC
by Kenzley Alphonse · clocalosx
https://www.exploit-db.com/exploits/32813

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Apple Mac OS X Lion Kernel <= xnu-1699.32.7 (except xnu-1699.24.8)
Authentication: No auth needed
Prerequisites: Local access to the target system · Ability to execute code on the target system
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026