EIP-2026-118037

PRE-CVE

Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118037. PoCs published by LiquidWorm.

AI-analyzed exploit summary The writeup describes a local privilege escalation vulnerability in Ubisoft Uplay 5.0 due to insecure file permissions, allowing any user to modify executable files in the 'Ubisoft Game Launcher' directory. The vulnerability is confirmed via `cacls` output showing full permissions for the 'Users' group.

Description

Ubisoft Uplay 5.0 - Insecure File Permissions Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/36189

View Code ZIP pw:eip

The writeup describes a local privilege escalation vulnerability in Ubisoft Uplay 5.0 due to insecure file permissions, allowing any user to modify executable files in the 'Ubisoft Game Launcher' directory. The vulnerability is confirmed via `cacls` output showing full permissions for the 'Users' group.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Ubisoft Uplay 5.0.0.3914 (PC)

No auth needed

Prerequisites: Local access to the system · Ubisoft Uplay installed with vulnerable permissions

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026