EIP-2026-118072

PRE-CVE

VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118072. PoCs published by SoBeIt.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in VMware Tools' hgfs.sys driver by leveraging improper privilege handling. It uses kernel function resolution and shellcode execution to elevate privileges from guest to host OS.

Description

VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED

by SoBeIt · clocalwindows

https://www.exploit-db.com/exploits/30802

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in VMware Tools' hgfs.sys driver by leveraging improper privilege handling. It uses kernel function resolution and shellcode execution to elevate privileges from guest to host OS.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: VMware Tools (hgfs.sys driver)

No auth needed

Prerequisites: VMware Tools installed on Windows guest OS · Local access to the guest OS

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026