EIP-2026-118291

PRE-CVE

Avast! AntiVirus - X.509 Error Rendering Command Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118291. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages Avast's improper rendering of X.509 certificate commonName fields in HTMLLayout frames, allowing arbitrary HTML injection. By crafting a malicious certificate with embedded HTML/JavaScript, an attacker can achieve remote code execution when a victim visits a MITM-proxied HTTPS site.

Description

Avast! AntiVirus - X.509 Error Rendering Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textremotewindows
https://www.exploit-db.com/exploits/38384

This exploit leverages Avast's improper rendering of X.509 certificate commonName fields in HTMLLayout frames, allowing arbitrary HTML injection. By crafting a malicious certificate with embedded HTML/JavaScript, an attacker can achieve remote code execution when a victim visits a MITM-proxied HTTPS site.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Avast Antivirus (version not specified)
No auth needed
Prerequisites: MITM position to serve malicious certificate · Victim must visit HTTPS site with Avast installed · Openssl to serve the crafted certificate
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026