Path Traversal in Red Hat Enterprise Linux 10

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files…

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-14476?
CVE-2026-14476 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Relative Path Traversal. CVSS score: 8.0/10. Published 2026-07-07.
How severe is CVE-2026-14476?
High severity. CVSS v3 base score is 8.0 out of 10.