EIP-2026-115256

PRE-CVE

FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115256. PoCs published by Paras Bhatia.

AI-analyzed exploit summary This exploit triggers a Denial of Service (DoS) in FlashFXP 4.2.0 Build 1730 by overwriting a buffer with 300 'A' characters and pasting it into the 'Mask' field of the Skip List filter. The crash occurs due to improper handling of the input length.

Description

FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)

Exploits (1)

exploitdb WORKING POC

by Paras Bhatia · pythondoswindows

https://www.exploit-db.com/exploits/48269

View Code ZIP pw:eip

This exploit triggers a Denial of Service (DoS) in FlashFXP 4.2.0 Build 1730 by overwriting a buffer with 300 'A' characters and pasting it into the 'Mask' field of the Skip List filter. The crash occurs due to improper handling of the input length.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: FlashFXP 4.2.0 Build 1730

No auth needed

Prerequisites: FlashFXP installed · ability to paste clipboard content into the application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026