EIP-2026-117522

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117522. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits weak service permissions on Windows to escalate privileges to SYSTEM by either creating a new service or hijacking an existing one with insecure file or configuration permissions. It uploads a malicious executable, replaces the service binary or reconfigures the service, and restarts it to gain a SYSTEM session.

Description

Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/21994

View Code ZIP pw:eip

This Metasploit module exploits weak service permissions on Windows to escalate privileges to SYSTEM by either creating a new service or hijacking an existing one with insecure file or configuration permissions. It uploads a malicious executable, replaces the service binary or reconfigures the service, and restarts it to gain a SYSTEM session.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Service Control Manager (SCM)

Auth required

Prerequisites: Administrative privileges · Weak service file or configuration permissions

MITRE ATT&CK

T1543.003 - Windows Service T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)

Exploitation Summary

Description

Exploits (1)

Details