PT-2026-34476

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

BIT-NODE-MIN-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

EUVD-2026-17180

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

UBUNTU-CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

CVE-2026-21716 : An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod() and FileHandle.chown() in the promises API without required permission checks, while their callback-based counterparts were patched. This can allow code running under --permission with a restricted --allow-fs-write to...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Security vulnerabilities exist in Node.js versions 20.x, 22.x, 24.x, and 25.x. These vulnerabilities stem from the lack of permission checks for FileHandle.chmod and FileHandle.chown durin...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via FileHandle.chmod or FileHandle.chown functions which can use a "read-only" file descriptor to change the owner and permissions of a file. Notes: - This is only exploitable for users using the experimental...

MiracleLinux 8 : rpm-4.14.3-28.el8_9 (AXSA:2024-7498:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7498:02 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002530)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002530 advisory. Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002035)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002035 advisory. Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001028 advisory. Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a...

CVE-2016-10846

cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions SEC-79...

CVE-2019-20496

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...

PT-2026-28320

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x through 25.x Description An incomplete fix allows bypassing of intended write restrictions when using the Permission Model with restricted --allow-fs-write. Specifically, the FileHandle.chmod and FileHandle.chown methods...

Node.js: CVE-2024-36137 Patch Bypass - FileHandle.chmod/chown

Vulnerability description not provided...

CLSA-2025-1762800667 Fix CVE(s): CVE-2021-44038

SECURITY UPDATE: Unsafe chown/chmod operations in .service files - debian/patches/CVE-2021-44038.patch: remove chown/chmod commands from the .service files - CVE-2021-44038...