EIP-2026-118885

PRE-CVE

Microsoft Windows PowerShell ISE - Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118885. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates a filename parsing flaw in Windows PowerShell ISE where specially crafted filenames with array brackets can hijack script execution, leading to remote code execution. The PoC creates two PowerShell scripts, one benign and one malicious, to exploit this behavior.

Description

Microsoft Windows PowerShell ISE - Remote Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textremotewindows

https://www.exploit-db.com/exploits/46790

View Code ZIP pw:eip

The exploit demonstrates a filename parsing flaw in Windows PowerShell ISE where specially crafted filenames with array brackets can hijack script execution, leading to remote code execution. The PoC creates two PowerShell scripts, one benign and one malicious, to exploit this behavior.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Windows PowerShell ISE

No auth needed

Prerequisites: Two PowerShell scripts in the same directory, one with a crafted filename containing array brackets

MITRE ATT&CK

T1059.001 - PowerShell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026