CVE-2026-54369: Improper Link Resolution Before File Access ('Link Following') in acl project acl
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.
AI Analysis
Technical Summary
The acl project before version 2.4.0 contains a vulnerability where pathname-based functions improperly resolve symbolic links before file access. Specifically, functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() do not securely handle symbolic links in path components, allowing local attackers who control any part of the pathname to redirect ACL read or write operations to arbitrary filesystem locations. This can lead to unauthorized modification of access control lists and local privilege escalation.
Potential Impact
Local attackers can exploit this vulnerability to manipulate access control lists by redirecting ACL operations to arbitrary files or directories via symbolic links. This can result in unauthorized privilege escalation on affected systems.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict local user permissions to prevent control over pathname components used by privileged ACL operations.
CVSS v4.0 score: 8.4 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-06-12T20:20:02.948Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a4274e827e9c79719eeb13a
Added to database: 06/29/2026, 13:36:40 UTC
Last enriched: 06/29/2026, 13:51:24 UTC
Last updated: 06/29/2026, 14:55:04 UTC