EIP-2026-118721

PRE-CVE

LAN.FS Messenger 2.4 - Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118721. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The document details a command execution vulnerability in LAN.FS Messenger v2.4, where the 'Computername' field in the 'Computersettings' module can be manipulated to execute arbitrary system commands or inject malicious script code. The vulnerability is exploited via the Messenger Service, requiring no user interaction beyond an active conversation.

Description

LAN.FS Messenger 2.4 - Command Execution

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textremotewindows

https://www.exploit-db.com/exploits/22854

View Code ZIP pw:eip

The document details a command execution vulnerability in LAN.FS Messenger v2.4, where the 'Computername' field in the 'Computersettings' module can be manipulated to execute arbitrary system commands or inject malicious script code. The vulnerability is exploited via the Messenger Service, requiring no user interaction beyond an active conversation.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: LAN.FS Messenger v2.4

No auth needed

Prerequisites: Active conversation in LAN.FS Messenger · Ability to modify the 'Computername' field

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026