Vulnerability in Acl Project
CVE-2026-54369
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by…
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Acl Project — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (patch)
- disclosure@vulncheck.com (issue-tracking)
- disclosure@vulncheck.com (third-party-advisory)
- 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
- 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
- 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Frequently asked questions
- What is CVE-2026-54369?
- CVE-2026-54369 is a high-severity vulnerability in Acl Project, classified under Improper Link Resolution Before File Access. CVSS score: 7.1/10. Published 2026-06-29.
- How severe is CVE-2026-54369?
- High severity. CVSS v3 base score is 7.1 out of 10.