EIP-2026-116117

PRE-CVE

QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116117. PoCs published by Luis Martínez.

AI-analyzed exploit summary This exploit generates a buffer overflow payload to trigger a Denial of Service (DoS) in QNap QVR Client 5.1.1.30070 by pasting a long string into the password field. The PoC creates a file with 279 'A' characters, which crashes the application when used as input.

Description

QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)

Exploits (1)

exploitdb WORKING POC

by Luis Martínez · pythondoswindows

https://www.exploit-db.com/exploits/45092

View Code ZIP pw:eip

This exploit generates a buffer overflow payload to trigger a Denial of Service (DoS) in QNap QVR Client 5.1.1.30070 by pasting a long string into the password field. The PoC creates a file with 279 'A' characters, which crashes the application when used as input.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: QNap QVR Client 5.1.1.30070

No auth needed

Prerequisites: Access to the QVR Client application · Ability to paste clipboard content into the password field

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026