EIP-2026-114767

PRE-CVE

GNU GNATS 3.113.1_6 - Queue-PR Database Command Line Option Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114767. PoCs published by inv[at]dtors.

AI-analyzed exploit summary This Perl script exploits a stack overflow vulnerability in the GNATS queue-pr utility via the '-d' command-line option. It uses a NOP sled, shellcode, and a return address to achieve arbitrary code execution, potentially with elevated privileges.

Description

GNU GNATS 3.113.1_6 - Queue-PR Database Command Line Option Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by inv[at]dtors · perllocalunix

https://www.exploit-db.com/exploits/22939

View Code ZIP pw:eip

This Perl script exploits a stack overflow vulnerability in the GNATS queue-pr utility via the '-d' command-line option. It uses a NOP sled, shellcode, and a return address to achieve arbitrary code execution, potentially with elevated privileges.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GNATS queue-pr utility version 3.113.1_6

No auth needed

Prerequisites: GNATS queue-pr utility installed · Perl environment · Target system running FreeBSD 5.0 or similar

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026