EIP-2026-116270

PRE-CVE

SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116270. PoCs published by Nikolas Sotiriu.

AI-analyzed exploit summary: The exploit demonstrates a format string overflow vulnerability in the SonicWALL E-Class SSL-VPN ActiveX Control, specifically targeting the 'AuthCredential' function. The PoC overwrites the EAX register with a controlled value (0x61616161) via a crafted format string, leading to potential arbitrary code execution.

Description

SonicWALL E-Class SSL-VPN - ActiveX Control Format String Overflow

Exploits (1)

exploitdb WORKING POC
by Nikolas Sotiriu · text · dos · windows
https://www.exploit-db.com/exploits/14687

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SonicWALL E-Class SSL-VPN (versions 10.0.4 and earlier, 10.5.1 without hotfix)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX Control must be installed and enabled
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026