EIP-2026-115270

PRE-CVE

FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115270. PoCs published by Arash Allebrahim.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in the FortKnox Personal Firewall kernel driver (fortknoxfw.sys) by sending a malformed IOCTL request with a buffer filled with 'A' (0x41) to trigger a DRIVER_IRQL_NOT_LESS_OR_EQUAL (0xD1) bugcheck, leading to a system crash.

Description

FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arash Allebrahim · c++doswindows

https://www.exploit-db.com/exploits/29164

View Code ZIP pw:eip

This exploit targets a memory corruption vulnerability in the FortKnox Personal Firewall kernel driver (fortknoxfw.sys) by sending a malformed IOCTL request with a buffer filled with 'A' (0x41) to trigger a DRIVER_IRQL_NOT_LESS_OR_EQUAL (0xD1) bugcheck, leading to a system crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: FortKnox Personal Firewall 9.0.305.0 and 10.0.305.0

No auth needed

Prerequisites: Access to the target system to execute the exploit · FortKnox Personal Firewall installed with vulnerable driver

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026