EIP-2026-119325

PRE-CVE

Yahoo! Messenger 7.0/7.5 - Remote Search String Arbitrary Browser Navigation

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119325. PoCs published by Ivan Ivan.

AI-analyzed exploit summary The exploit demonstrates a browser-navigation vulnerability in Yahoo! Messenger by crafting malicious messages that trigger an arbitrary webpage to open via an embedded HTML tag. The issue arises due to insufficient input sanitization, allowing arbitrary URL execution.

Description

Yahoo! Messenger 7.0/7.5 - Remote Search String Arbitrary Browser Navigation

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ivan Ivan · textremotewindows
https://www.exploit-db.com/exploits/28298

The exploit demonstrates a browser-navigation vulnerability in Yahoo! Messenger by crafting malicious messages that trigger an arbitrary webpage to open via an embedded HTML tag. The issue arises due to insufficient input sanitization, allowing arbitrary URL execution.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Yahoo! Messenger 7.5.0.814
No auth needed
Prerequisites: Victim must receive and view the malicious message in Yahoo! Messenger
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026