EIP-2026-116335

PRE-CVE

Steam Software - Denial of Service

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116335. PoCs published by david.r.klein.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Steam by crafting a malformed 'serverbrowser_ui.vdf' file. The file contains a large buffer of 'A's followed by specific patterns ('BBBB', 'ZZZZ', and NOPs) designed to trigger an access violation in Steam's synchronization process.

Description

Steam Software - Denial of Service

Exploits (1)

exploitdb WORKING POC
by david.r.klein · pythondoswindows
https://www.exploit-db.com/exploits/17291

This exploit demonstrates a denial-of-service (DoS) vulnerability in Steam by crafting a malformed 'serverbrowser_ui.vdf' file. The file contains a large buffer of 'A's followed by specific patterns ('BBBB', 'ZZZZ', and NOPs) designed to trigger an access violation in Steam's synchronization process.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Steam (Latest, as of 2011)
Auth required
Prerequisites: Access to the target's Steam installation directory · Valid Steam account credentials
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026