Lucene search
K

486 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-39246

decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When processing symlink entries type === 'symlink', the x.linkname field from the archive is passed directly to fs.symlink without validation index.js line 121. The preventWritingThroughSymlink check on line 98...

7.5CVSS0.00166EPSS
Exploits0References3
NVD
NVD
added 3 days ago12 views

CVE-2026-39822

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

7.8CVSS0.00181EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 9:43 p.m.4 views

GHSA-8XWF-RJM4-XVHV oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

6.9CVSS5.7AI score
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/30 8:1 a.m.7 views

attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

...

8.4CVSS5.8AI score0.00136EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and...

8.4CVSS6AI score0.00142EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS0.00142EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS0.00136EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 2:16 p.m.4 views

UBUNTU-CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 2:16 p.m.5 views

UBUNTU-CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.8 views

CVE-2026-54371

A flaw was found in the attr package. This vulnerability allows a local attacker to perform a symlink traversal attack by replacing a pathname component with a symbolic link - either during directory hierarchy traversal by getfattr or during backup restoration by setfattr, which reads and resolve...

8.4CVSS5.7AI score0.00136EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 12:39 p.m.6 views

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:39 p.m.6 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:39 p.m.38 views

CVE-2026-54371

The CVE affects the attr utilities (getfattr/setfattr) with versions before 2.6.0. Root cause is a symlink traversal during directory hierarchy traversal, enabling local privilege escalation when a privileged process uses getfattr/setfattr on attacker-controlled paths. The documents do not provid...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 12:39 p.m.41 views

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 12:39 p.m.7 views

EUVD-2026-40087

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/29 12:39 p.m.8 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0
CVE
CVE
added 2026/06/29 12:38 p.m.22 views

CVE-2026-54370

CVE-2026-54370 affects acl before version 2.4.0, introducing a TOCTOU race where an attacker-controlled pathname component can replace a component with a symlink between an lstat() check and subsequent operations (stat, chown, chmod, acl_get_file, acl_set_file). This enables local privilege escal...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 12:37 p.m.49 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS0.00142EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 12:37 p.m.8 views

EUVD-2026-40085

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 12:37 p.m.11 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
Rows per page
Query Builder