Path Traversal in Red Hat Enterprise Linux 10
CVE-2026-14476
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files…
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
Frequently asked questions
- What is CVE-2026-14476?
- CVE-2026-14476 is a high-severity vulnerability in Red Hat Enterprise Linux 10, classified under Relative Path Traversal. CVSS score: 8.0/10. Published 2026-07-07.
- How severe is CVE-2026-14476?
- High severity. CVSS v3 base score is 8.0 out of 10.