EIP-2026-117857

PRE-CVE

Riot Games League of Legends - Insecure File Permissions Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117857. PoCs published by Cyril Vallicari.

AI-analyzed exploit summary This writeup details an insecure file permissions vulnerability in Riot Games' League of Legends installer, allowing privilege escalation by replacing binaries due to overly permissive ACLs. The analysis includes `icacls` output and vendor response, but no functional exploit code is provided.

Description

Riot Games League of Legends - Insecure File Permissions Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Cyril Vallicari · textlocalwindows

https://www.exploit-db.com/exploits/39916

View Code ZIP pw:eip

This writeup details an insecure file permissions vulnerability in Riot Games' League of Legends installer, allowing privilege escalation by replacing binaries due to overly permissive ACLs. The analysis includes `icacls` output and vendor response, but no functional exploit code is provided.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: League of Legends (versions up to LeagueofLegends_EUW_Installer_2016_05_13.exe)

No auth needed

Prerequisites: Local access to the system · League of Legends installed with default permissions

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026