EIP-2026-117409

PRE-CVE

Leap Service - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117409. PoCs published by Ross Marks.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path privilege escalation vulnerability in Leap Motion's LeapService. The analysis includes service configuration details and explains how an attacker could exploit the unquoted path to achieve local privilege escalation.

Description

Leap Service - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Ross Marks · textlocalwindows

https://www.exploit-db.com/exploits/40483

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path privilege escalation vulnerability in Leap Motion's LeapService. The analysis includes service configuration details and explains how an attacker could exploit the unquoted path to achieve local privilege escalation.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Leap Motion LeapService (version not specified)

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the unquoted service path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026