CVE 8.4 HIGH

CVE-2026-58302_CVE-2026-58302

8.4 / 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

Basic Information

ID CVE-2026-58302
Source mitre
Published Jun 30, 2026 at 01:09

Affected Product

Vendor LinuxCNC
Product LinuxCNC
Affected Versions LinuxCNC LinuxCNC 0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.