8.4
/ 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.
Basic Information
ID
CVE-2026-58302
Source
mitre
Published
Jun 30, 2026 at 01:09
Affected Product
Vendor
LinuxCNC
Product
LinuxCNC
Affected Versions
LinuxCNC LinuxCNC 0