EIP-2026-118452

PRE-CVE

EarthStation 5 - Search Service Remote File Deletion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118452. PoCs published by random nut.

AI-analyzed exploit summary This exploit demonstrates a file deletion vulnerability in EarthStation 5 by sending a crafted UDP packet (0x0C with sub-function 0x07) to the 'Search Service' handler. It includes encryption and checksum logic to bypass client-side validation, allowing arbitrary file deletion in the context of the user running the vulnerable software.

Description

EarthStation 5 - Search Service Remote File Deletion

Exploits (1)

exploitdb WORKING POC VERIFIED

by random nut · c++remotewindows

https://www.exploit-db.com/exploits/23211

View Code ZIP pw:eip

This exploit demonstrates a file deletion vulnerability in EarthStation 5 by sending a crafted UDP packet (0x0C with sub-function 0x07) to the 'Search Service' handler. It includes encryption and checksum logic to bypass client-side validation, allowing arbitrary file deletion in the context of the user running the vulnerable software.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: EarthStation 5 (builds 1266 and 2180)

No auth needed

Prerequisites: Network access to the target's UDP port (default 1234) · Knowledge of the shared directory path

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026