EIP-2026-118130

PRE-CVE

WinRAR - Filename Spoofing (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118130. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a filename spoofing vulnerability in WinRAR (CVE-2026-141103) by creating a malicious ZIP file. The exploit leverages the discrepancy between the central directory and Local File Header to spoof filenames, potentially leading to arbitrary code execution when the victim opens the ZIP file.

Description

WinRAR - Filename Spoofing (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/32752

View Code ZIP pw:eip

This Metasploit module exploits a filename spoofing vulnerability in WinRAR (CVE-2026-141103) by creating a malicious ZIP file. The exploit leverages the discrepancy between the central directory and Local File Header to spoof filenames, potentially leading to arbitrary code execution when the victim opens the ZIP file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WinRAR (versions prior to the fix for this vulnerability)

No auth needed

Prerequisites: Victim must open the malicious ZIP file in WinRAR

MITRE ATT&CK

T1204 - User Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026