EIP-2026-117507

PRE-CVE

Microsoft PowerShell - XML External Entity Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117507. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates an XML External Entity (XXE) vulnerability in PowerShell's XML parser, allowing local file access and exfiltration to an attacker-controlled server. It includes functional PoC code for two attack scenarios: reading XML from a web server and from a remote share in a LAN.

Description

Microsoft PowerShell - XML External Entity Injection

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/40873

View Code ZIP pw:eip

The exploit demonstrates an XML External Entity (XXE) vulnerability in PowerShell's XML parser, allowing local file access and exfiltration to an attacker-controlled server. It includes functional PoC code for two attack scenarios: reading XML from a web server and from a remote share in a LAN.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft PowerShell (tested on Windows 7 SP1, PowerShell 2.0)

No auth needed

Prerequisites: Attacker-controlled server to host malicious DTD and receive exfiltrated data · Victim must execute PowerShell commands to load malicious XML

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.001 - PowerShell

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026