EIP-2026-117269

PRE-CVE

Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117269. PoCs published by Cyril Vallicari.

AI-analyzed exploit summary The exploit describes an unquoted path vulnerability in Hex: Shard of Fate 1.0.1.026, where the game executable fails to quote a path, potentially allowing local privilege escalation via arbitrary code execution. The PoC involves placing a malicious 'Program.exe' in the root of C: and triggering it via the in-game store.

Description

Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Cyril Vallicari · textlocalwindows

https://www.exploit-db.com/exploits/39820

View Code ZIP pw:eip

The exploit describes an unquoted path vulnerability in Hex: Shard of Fate 1.0.1.026, where the game executable fails to quote a path, potentially allowing local privilege escalation via arbitrary code execution. The PoC involves placing a malicious 'Program.exe' in the root of C: and triggering it via the in-game store.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Hex: Shard of Fate 1.0.1.026

Auth required

Prerequisites: Local access to the system · Ability to place a file in C:\ · Game or Steam running with elevated privileges

MITRE ATT&CK

T1546.008 - Accessibility Features

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026