EIP-2026-119540

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119540. PoCs published by SandboxEscaper.

AI-analyzed exploit summary The exploit leverages a DACL write vulnerability in Windows Task Scheduler by impersonating NT AUTHORITY\SYSTEM during a legacy .job file import, allowing arbitrary file security descriptor manipulation via a hardlink to a system file (e.g., pci.sys). The PoC demonstrates privilege escalation by abusing the _SchRpcRegisterTask RPC call.

Description

Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC

by SandboxEscaper · textlocalwindows_x86

https://www.exploit-db.com/exploits/46918

View Code ZIP pw:eip

The exploit leverages a DACL write vulnerability in Windows Task Scheduler by impersonating NT AUTHORITY\SYSTEM during a legacy .job file import, allowing arbitrary file security descriptor manipulation via a hardlink to a system file (e.g., pci.sys). The PoC demonstrates privilege escalation by abusing the _SchRpcRegisterTask RPC call.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 (Task Scheduler)

Auth required

Prerequisites: Local non-admin account credentials · Legacy schtasks.exe and schedsvc.dll from older Windows versions · Ability to create hardlinks

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1134 - Access Token Manipulation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation

Exploitation Summary

Description

Exploits (1)

Details