EIP-2026-115629

PRE-CVE

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115629. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates an XML External Entity (XXE) injection vulnerability in Microsoft Compiled HTML Help (CHM) files by bypassing the standard compilation process. It exfiltrates local files (e.g., C:\Windows\system.ini) via a crafted .chm.chm file and a malicious DTD hosted on a local server.

Description

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textdoswindows

https://www.exploit-db.com/exploits/47127

View Code ZIP pw:eip

This exploit demonstrates an XML External Entity (XXE) injection vulnerability in Microsoft Compiled HTML Help (CHM) files by bypassing the standard compilation process. It exfiltrates local files (e.g., C:\Windows\system.ini) via a crafted .chm.chm file and a malicious DTD hosted on a local server.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Compiled HTML Help (hh.exe)

No auth needed

Prerequisites: User interaction to open the .chm.chm file · Local or remote server to host the malicious DTD file

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion T1555.005 - Password Managers

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026