EIP-2026-119541

PRE-CVE

Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119541. PoCs published by XPN.

AI-analyzed exploit summary This exploit leverages a Windows kernel vulnerability (likely related to NULL page mapping) to execute shellcode via NtQuerySystemInformation. The shellcode appears to manipulate kernel structures to achieve privilege escalation.

Description

Microsoft Windows 10 (Build 1703 Creators Update) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED

by XPN · clocalwindows_x86

https://www.exploit-db.com/exploits/43192

View Code ZIP pw:eip

This exploit leverages a Windows kernel vulnerability (likely related to NULL page mapping) to execute shellcode via NtQuerySystemInformation. The shellcode appears to manipulate kernel structures to achieve privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows Kernel (version unspecified, likely older Windows versions)

No auth needed

Prerequisites: Access to a vulnerable Windows system · Ability to load a DLL into a process

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026