EIP-2026-119262

PRE-CVE

VX Search Enterprise 9.1.12 - 'Login' Remote Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119262. PoCs published by Tulpa.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in VX Search Enterprise 9.1.12's login functionality. It uses a crafted HTTP POST request with an oversized password field to overwrite the SEH handler, execute an egghunter, and ultimately achieve remote code execution as NT AUTHORITY\SYSTEM.

Description

VX Search Enterprise 9.1.12 - 'Login' Remote Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tulpa · pythonremotewindows

https://www.exploit-db.com/exploits/40830

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in VX Search Enterprise 9.1.12's login functionality. It uses a crafted HTTP POST request with an oversized password field to overwrite the SEH handler, execute an egghunter, and ultimately achieve remote code execution as NT AUTHORITY\SYSTEM.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VX Search Enterprise 9.1.12

No auth needed

Prerequisites: Network access to the target system · VX Search Enterprise 9.1.12 running on Windows 7 x86

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026