EIP-2026-116709

PRE-CVE

Abyss Web Server X1 2.11.1 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116709. PoCs published by Tulpa.

AI-analyzed exploit summary This is a technical writeup describing a local privilege escalation vulnerability in Abyss Web Server X1 2.11.1 due to an unquoted service path and weak file permissions. It includes details on the service configuration and potential exploitation vectors.

Description

Abyss Web Server X1 2.11.1 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tulpa · textlocalwindows

https://www.exploit-db.com/exploits/40460

View Code ZIP pw:eip

This is a technical writeup describing a local privilege escalation vulnerability in Abyss Web Server X1 2.11.1 due to an unquoted service path and weak file permissions. It includes details on the service configuration and potential exploitation vectors.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Abyss Web Server X1 2.11.1

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1547.001 - Registry Run Keys / Startup Folder T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026