EIP-2026-120685
PRE-CVELuaJIT 2.1.1774638290 - Arbitrary Code Execution
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-120685. PoCs published by Taurus Omar.
AI-analyzed exploit summary This Lua script demonstrates arbitrary code execution via LuaJIT's FFI (Foreign Function Interface) by leveraging unrestricted syscall access, command execution via system(), and shellcode execution via mmap(RWX). It confirms the vulnerability by comparing results from dlsym and direct syscalls, and includes a functional shellcode payload for spawning a shell.
Description
LuaJIT 2.1.1774638290 - Arbitrary Code Execution
Exploits (1)
This Lua script demonstrates arbitrary code execution via LuaJIT's FFI (Foreign Function Interface) by leveraging unrestricted syscall access, command execution via system(), and shellcode execution via mmap(RWX). It confirms the vulnerability by comparing results from dlsym and direct syscalls, and includes a functional shellcode payload for spawning a shell.