← All CVEs

CVE-2026-54230

HIGH 7

Published 2026-06-13 · Last modified 2026-06-30

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.

ELEVATED IMPACT

Severe if exploited (CVSS 7), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 4th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

7CVSS 3.1 · HIGH

  • ConfidentialityHigh
  • IntegrityHigh
  • AvailabilityHigh

What an attacker needs

  • Access: Requires local access to the host
  • Privileges: Requires a low-privilege account
  • User interaction: No user interaction needed
  • Complexity: Needs a race window or specific setup

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Red Hat

Products Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8

Weakness (CWE)

  • CWE-59

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Sources: NVD · CVE.org · EPSS