EIP-2026-118235

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118235. PoCs published by Daniele Linguaglossa.

AI-analyzed exploit summary This exploit leverages two vulnerabilities in Acunetix WVS 10: a remote command execution flaw via unsafe ActiveX object usage (WScript.shell) and a local privilege escalation due to insecure directory permissions. The PoC delivers a meterpreter shell by exploiting the scheduler service and replacing scripts in an insecure directory.

Description

Acunetix WVS 10 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC

by Daniele Linguaglossa · pythonremotewindows

https://www.exploit-db.com/exploits/39755

View Code ZIP pw:eip

This exploit leverages two vulnerabilities in Acunetix WVS 10: a remote command execution flaw via unsafe ActiveX object usage (WScript.shell) and a local privilege escalation due to insecure directory permissions. The PoC delivers a meterpreter shell by exploiting the scheduler service and replacing scripts in an insecure directory.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Acunetix WVS 10

No auth needed

Prerequisites: Target must have VBS script interpreter · Target must have the scheduler service enabled · Target must be running Windows

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Acunetix WVS 10 - Remote Command Execution

Exploitation Summary

Description

Exploits (1)

Details