EIP-2026-119315

PRE-CVE

XChat 2.8.7b - 'ircs://' URI Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119315. PoCs published by securfrog.

AI-analyzed exploit summary This exploit leverages improper handling of the 'ircs://' URI in XChat to execute arbitrary commands. The PoC uses a crafted URI with a trailing quote to inject a '--command' parameter, leading to remote code execution (e.g., launching calc.exe).

Description

XChat 2.8.7b - 'ircs://' URI Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by securfrog · htmlremotewindows

https://www.exploit-db.com/exploits/31909

View Code ZIP pw:eip

This exploit leverages improper handling of the 'ircs://' URI in XChat to execute arbitrary commands. The PoC uses a crafted URI with a trailing quote to inject a '--command' parameter, leading to remote code execution (e.g., launching calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: XChat <= 2.8.7b

No auth needed

Prerequisites: Victim must be connected to an IRC server · Victim must use Internet Explorer · XChat must be installed with default URI handler settings

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026