CVE-2026-11452

GL.iNet GL-MT3000 (firmware ≤ 4.4.5) exposes a remote command-injection in the SET_USER_PWD Handler (function FUN_0042e200) via the /cgi-bin/glc interface. The vulnerability stems from manipulating the Password parameter, enabling remote execution of commands. Upgrading to firmware 4.8.1 is recom...

CVE-2026-11452 GL.iNet GL-MT3000 SET_USER_PWD glc FUN_0042e200 command injection

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

EulerOS Virtualization 2.13.1 : util-linux (EulerOS-SA-2026-2153)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...

CVE-2026-41702

VMware Fusion contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is install...

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

PT-2026-45565

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

Ubuntu 25.10 / 26.04 LTS : Bubblewrap vulnerability (USN-8288-1)

The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8288-1 advisory. It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issu...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fs/9p: Only the RWX permissions are translated for the plain 9P2000. Garbage data is allowed to pass through the perm bits of the plain 9P2000, allowing it to set, among other things, the suid bit. This probably wasn’t the intend...

Astra Linux - уязвимость в systemd

It was discovered that a Systemd service that uses the DynamicUser property can obtain new privileges by executing SUID binaries. This allows the service to create binaries belonging to the transient group, with the setgid bit set. A local attacker could exploit this flaw to access resources that...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix for the issue involving the comparison between permission checks and setuid/gid usage When opening a file for execution using dofilpopen, permission checks are performed based on the file’s metadata at that moment. If t...

CVE-2026-41702

VMware Fusion contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is install...

CVE-2026-41702

VMware Fusion is affected by a local privilege escalation TOCTOU flaw in a SETUID binary (CVE-2026-41702). The issue allows a non-administrative local user to escalate to root on systems with Fusion installed. Connected advisories confirm a fix in Fusion 26H1; the remediation is to apply the 26H1...

PT-2026-40932

Name of the Vulnerable Software and Affected Versions VMware Fusion versions prior to 26H1 Description VMware Fusion contains a TOCTOU Time-of-check Time-of-use race condition that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user...

CVE-2026-41163

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitraril...

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

EUVD-2026-24982

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...