EUVD-2026-32900

🗓️ 28 May 2026 13:22:42Reported by EUVDType

Local privilege escalation in Multipass for macOS before 1.16.3 via writable binaries in support path.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2026-49237	28 May 202613:22	–	attackerkb
Circl	CVE-2025-5199	28 May 202615:00	–	circl
Circl	CVE-2026-49237	28 May 202615:00	–	circl
CNNVD	Canonical Multipass 安全漏洞	12 Jul 202500:00	–	cnnvd
CNNVD	Canonical Multipass 安全漏洞	28 May 202600:00	–	cnnvd
CVE	CVE-2025-5199	11 Jul 202523:21	–	cve
CVE	CVE-2026-49237	28 May 202613:22	–	cve
Cvelist	CVE-2025-5199 LPE on Multipass for macOS	11 Jul 202523:21	–	cvelist
Cvelist	CVE-2026-49237 Local Privilege Escalation in Canonical Multipass	28 May 202613:22	–	cvelist
EUVD	EUVD-2025-21190	3 Oct 202520:07	–	euvd

[
  {
    "enisaIdVendor": [
      {
        "id": "11780e44-81a3-3e93-8c61-ac52ab655722",
        "vendor": {
          "name": "Canonical"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5ecfa207-daa9-3e90-90b9-bbb6765f0b0f",
        "product": {
          "name": "Multipass",
          "vendor": {
            "name": "Canonical"
          }
        },
        "product_version": "0 <1.16.3"
      }
    ]
  }
]

Source	Link
github	www.github.com/canonical/multipass/security/advisories/GHSA-r2xg-x32f-23c5

28 May 2026 15:15Current

6Medium risk

Vulners AI Score6

CVSS 3.17.8

EPSS0.0015

SSVC