EIP-2026-117830

PRE-CVE

Rapid7 AppSpider 6.12 - Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117830. PoCs published by LiquidWorm.

AI-analyzed exploit summary The writeup describes an unquoted search path vulnerability in Rapid7 AppSpider 6.12, affecting Windows services, which could allow local privilege escalation if an attacker can place executable code in the system root path.

Description

Rapid7 AppSpider 6.12 - Local Privilege Escalation

Exploits (1)

exploitdb WRITEUP VERIFIED

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/40145

View Code ZIP pw:eip

The writeup describes an unquoted search path vulnerability in Rapid7 AppSpider 6.12, affecting Windows services, which could allow local privilege escalation if an attacker can place executable code in the system root path.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Rapid7 AppSpider 6.12.10.1

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026