EIP-2026-104588

PRE-CVE

Apple Mac OSX 10.x - KExtLoad Format String

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104588. PoCs published by Adriel T. Desautels.

AI-analyzed exploit summary The provided text describes a format-string vulnerability in Apple Mac OS X's 'kextload' utility, which can be exploited to execute arbitrary code with superuser privileges if manipulated by another elevated application. The example demonstrates the vulnerability in TDIXSupport, but no functional exploit code is included.

Description

Apple Mac OSX 10.x - KExtLoad Format String

Exploits (1)

exploitdb WRITEUP VERIFIED

by Adriel T. Desautels · textlocalosx

https://www.exploit-db.com/exploits/28576

View Code ZIP pw:eip

The provided text describes a format-string vulnerability in Apple Mac OS X's 'kextload' utility, which can be exploited to execute arbitrary code with superuser privileges if manipulated by another elevated application. The example demonstrates the vulnerability in TDIXSupport, but no functional exploit code is included.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Apple Mac OS X kextload (unspecified version)

No auth needed

Prerequisites: Another application running with elevated privileges to manipulate kextload arguments

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026