EIP-2026-116587

PRE-CVE

XAMPP Control Panel - Denial Of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116587. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a memory corruption DoS vulnerability in the XAMPP Control Panel by sending junk data to specific ports (e.g., MySQL, Tomcat, FileZilla, Mercury Mail). The script continuously sends 'DOOM' to the target port until the XAMPP Control Panel crashes with an access violation.

Description

XAMPP Control Panel - Denial Of Service

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · pythondoswindows

https://www.exploit-db.com/exploits/40964

View Code ZIP pw:eip

This exploit demonstrates a memory corruption DoS vulnerability in the XAMPP Control Panel by sending junk data to specific ports (e.g., MySQL, Tomcat, FileZilla, Mercury Mail). The script continuously sends 'DOOM' to the target port until the XAMPP Control Panel crashes with an access violation.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: XAMPP Control Panel (versions 3.1.0, 3.2.2)

No auth needed

Prerequisites: Network access to the target XAMPP Control Panel ports · XAMPP Control Panel running with vulnerable services

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026