EIP-2026-117500

PRE-CVE

Microsoft Internet Explorer 11 - XML External Entity Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117500. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for an XML External Entity (XXE) injection vulnerability in Microsoft Internet Explorer 11. It generates malicious .MHT and XML files that, when opened locally, exfiltrate sensitive files (e.g., system.ini) to an attacker-controlled server.

Description

Microsoft Internet Explorer 11 - XML External Entity Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/46690

View Code ZIP pw:eip

This is a functional proof-of-concept exploit for an XML External Entity (XXE) injection vulnerability in Microsoft Internet Explorer 11. It generates malicious .MHT and XML files that, when opened locally, exfiltrate sensitive files (e.g., system.ini) to an attacker-controlled server.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer v11

No auth needed

Prerequisites: Victim must open the malicious .MHT file locally · Attacker must host a server to receive exfiltrated data

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026