CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

🗓️ 13 Jun 2026 02:34:37Reported by redhatType

ABRT post-create writes unsanitized systemd journal to dump files, enabling local content injection via newline characters.

Reporter	Title	Published	Views	Family All 4
CVE	CVE-2026-54231	13 Jun 202602:34	–	cve
EUVD	EUVD-2026-36640	13 Jun 202603:30	–	euvd
NVD	CVE-2026-54231	13 Jun 202603:16	–	nvd
Positive Technologies	PT-2026-49076	13 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "abrt",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "abrt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "abrt",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-54231
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

13 Jun 2026 02:34Current

CVSS 3.15.5

CWE-74