EIP-2026-104591

PRE-CVE

Apple Mac OSX xnu 1228.9.59 - Kernel Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104591. PoCs published by mu-b.

AI-analyzed exploit summary: This is a functional local privilege escalation exploit for Mac OS X xnu kernels up to version 1228.3.13. It exploits a flaw in the workqueue_additem and workqueue_removeitem functions, which do not properly validate the user-defined 'prio' parameter, and combines it with heap spraying via the profil syscall to achieve arbitrary kernel memory corruption and execute privileged code.

Description

Apple Mac OSX xnu 1228.9.59 - Kernel Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED
by mu-b · clocalosx
https://www.exploit-db.com/exploits/8896

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Apple Mac OS X xnu <= 1228.3.13
Authentication: none needed
Prerequisites: Local access to a vulnerable Mac OS X system · Compilation as a 64-bit binary
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026