EIP-2026-117560

PRE-CVE

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117560. PoCs published by Abdelhamid Naceri.

AI-analyzed exploit summary This exploit leverages a vulnerability in the AppX Deployment Service (AppXSVC) to achieve local privilege escalation by creating or overwriting arbitrary files as SYSTEM. The attack involves manipulating directory junctions and hardlinks to redirect file operations during AppX package deployment.

Description

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by Abdelhamid Naceri · textlocalwindows

https://www.exploit-db.com/exploits/47713

View Code ZIP pw:eip

This exploit leverages a vulnerability in the AppX Deployment Service (AppXSVC) to achieve local privilege escalation by creating or overwriting arbitrary files as SYSTEM. The attack involves manipulating directory junctions and hardlinks to redirect file operations during AppX package deployment.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 10 1903 (AppX Deployment Service)

Auth required

Prerequisites: Local access to the target system · Ability to create directory junctions and hardlinks · AppX Deployment Service running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026