EIP-2026-116016

PRE-CVE

Oracle Java - APPLET Tag Children Property Memory Corruption

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116016. PoCs published by Skylined.

AI-analyzed exploit summary This exploit leverages a Java applet vulnerability in Oracle Java SE 6 Update 20, where accessing the 'children' property of an applet element triggers a use-after-free condition, leading to a denial-of-service (DoS) via browser crash. The PoC uses JavaScript to dynamically create an applet and access its children property, causing instability.

Description

Oracle Java - APPLET Tag Children Property Memory Corruption

Exploits (1)

exploitdb WORKING POC VERIFIED
by Skylined · htmldoswindows
https://www.exploit-db.com/exploits/15243

This exploit leverages a Java applet vulnerability in Oracle Java SE 6 Update 20, where accessing the 'children' property of an applet element triggers a use-after-free condition, leading to a denial-of-service (DoS) via browser crash. The PoC uses JavaScript to dynamically create an applet and access its children property, causing instability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Oracle Java SE 6 Update 20 (1.6.0_20-b02)
No auth needed
Prerequisites: Victim must have vulnerable Java version installed · Victim must visit a webpage hosting the exploit
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026