EIP-2026-116140

PRE-CVE

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116140. PoCs published by Debasish Mandal.

AI-analyzed exploit summary This is a technical writeup detailing a heap overflow vulnerability in QuteCom 2.2.1, triggered by inputting a phone number exceeding 5000 characters, leading to a DoS/crash. The analysis includes WinDBG output and environmental setup details.

Description

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

Exploits (1)

exploitdb WRITEUP

by Debasish Mandal · textdoswindows

https://www.exploit-db.com/exploits/19328

View Code ZIP pw:eip

This is a technical writeup detailing a heap overflow vulnerability in QuteCom 2.2.1, triggered by inputting a phone number exceeding 5000 characters, leading to a DoS/crash. The analysis includes WinDBG output and environmental setup details.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: QuteCom 2.2.1

No auth needed

Prerequisites: QuteCom 2.2.1 installed · Connection to a SIP server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026