EIP-2026-120687

PRE-CVE

Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-120687. PoCs published by Chokri Hammedi.

AI-analyzed exploit summary This Python script exploits an unauthenticated RCE vulnerability in Sunrise Helper for Windows 2026.14 by sending a crafted POST request to the /api/executeScript endpoint with a command payload. The exploit checks for authentication requirements before execution.

Description

Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC
by Chokri Hammedi · textlocalwindows
https://www.exploit-db.com/exploits/52565

This Python script exploits an unauthenticated RCE vulnerability in Sunrise Helper for Windows 2026.14 by sending a crafted POST request to the /api/executeScript endpoint with a command payload. The exploit checks for authentication requirements before execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Sunrise Helper for Windows 2026.14
No auth needed
Prerequisites: Network access to target port 49762 · Target running vulnerable version of Sunrise Helper
devstral-2 · analyzed May 19, 2026 Full analysis →

Details

Status pre_cve
Tracked Since May 16, 2026