EIP-2026-115815

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115815. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit leverages unsanitized filenames in PowerShell to execute arbitrary commands embedded in the filename itself. It demonstrates how a specially crafted .ps1 filename with semicolons or spaces can trigger unexpected command execution, bypassing visual inspection of the script's contents.

Description

Microsoft Windows PowerShell - Unsanitized Filename Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · pythondoswindows

https://www.exploit-db.com/exploits/47248

View Code ZIP pw:eip

This exploit leverages unsanitized filenames in PowerShell to execute arbitrary commands embedded in the filename itself. It demonstrates how a specially crafted .ps1 filename with semicolons or spaces can trigger unexpected command execution, bypassing visual inspection of the script's contents.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows PowerShell (unspecified version)

No auth needed

Prerequisites: User interaction required (double-clicking the file or executing via cmd.exe) · PowerShell set as default program for .ps1 files · Network access to a remote server hosting the payload

MITRE ATT&CK

T1059.001 - PowerShell T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Microsoft Windows PowerShell - Unsanitized Filename Command Execution

Exploitation Summary

Description

Exploits (1)

Details