EIP-2026-114763

PRE-CVE

Elm Development Group ELM 2.4/2.5.1 Mail for UNIX - ELM Buffer Overflow (1)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114763. PoCs published by Scrippie.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Elm (Electronic Mail for Unix) to spawn a shell with elevated group privileges (EGID=mail). It uses a stack-based overflow via the MAIL environment variable to execute shellcode that calls setgid(12) and spawns /bin/sh.

Description

Elm Development Group ELM 2.4/2.5.1 Mail for UNIX - ELM Buffer Overflow (1)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Scrippie · clocalunix

https://www.exploit-db.com/exploits/19971

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Elm (Electronic Mail for Unix) to spawn a shell with elevated group privileges (EGID=mail). It uses a stack-based overflow via the MAIL environment variable to execute shellcode that calls setgid(12) and spawns /bin/sh.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Elm (Electronic Mail for Unix) on Slackware 4

No auth needed

Prerequisites: Access to a vulnerable version of Elm on Slackware 4 · Ability to set environment variables

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026