EIP-2026-117151

PRE-CVE

EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117151. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an unquoted service path vulnerability in EyeLock Myris 3.3.2 SDK Service, allowing local privilege escalation if an attacker can place executable code in the system root path. The service 'MyrisService' is vulnerable due to an unquoted path in its BINARY_PATH_NAME.

Description

EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/40226

View Code ZIP pw:eip

The exploit describes an unquoted service path vulnerability in EyeLock Myris 3.3.2 SDK Service, allowing local privilege escalation if an attacker can place executable code in the system root path. The service 'MyrisService' is vulnerable due to an unquoted path in its BINARY_PATH_NAME.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: EyeLock Myris SDK Service 3.3.21289.1311

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026