EIP-2026-117408

PRE-CVE

League of Legends Screensaver - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117408. PoCs published by Vincent Yiu.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in the League of Legends screensaver service, which could lead to local privilege escalation if the installation directory is writable by an attacker.

Description

League of Legends Screensaver - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Vincent Yiu · textlocalwindows

https://www.exploit-db.com/exploits/39902

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path vulnerability in the League of Legends screensaver service, which could lead to local privilege escalation if the installation directory is writable by an attacker.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: League of Legends Screensaver (MD5: 0C1B02079CA8BF850D59DD870BC09963)

Auth required

Prerequisites: League of Legends screensaver installed in a writable directory with unquoted service path · Local access to the system

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026