EIP-2026-117269

The exploit describes an unquoted path vulnerability in Hex: Shard of Fate 1.0.1.026, where the game executable fails to quote a path, potentially allowing local privilege escalation via arbitrary code execution. The PoC involves placing a malicious 'Program.exe' in the root of C: and triggering it via the in-game store.