EIP-2026-116746

PRE-CVE

AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116746. PoCs published by MJ0011.

AI-analyzed exploit summary This exploit demonstrates a local privilege escalation vulnerability in AhnLab V3 Internet Security 8.0 by leveraging an unchecked function pointer in the AhnRec2k.sys driver. The code opens the device directly via ZwCreateFile and triggers arbitrary kernel-mode execution.

Description

AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by MJ0011 · textlocalwindows

https://www.exploit-db.com/exploits/15761

View Code ZIP pw:eip

This exploit demonstrates a local privilege escalation vulnerability in AhnLab V3 Internet Security 8.0 by leveraging an unchecked function pointer in the AhnRec2k.sys driver. The code opens the device directly via ZwCreateFile and triggers arbitrary kernel-mode execution.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: AhnLab V3 Internet Security <= 8.0.3.28 (AhnRec2k.sys <= 1.2.0.4)

No auth needed

Prerequisites: Local access to the system · AhnLab V3 Internet Security 8.0 with vulnerable AhnRec2k.sys driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026