CVE-2026-54231
MEDIUM 5.5A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal output by embedding newline characters in syslog messages, controlling the content that root writes to dump directory files.
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.1%chance of exploitation in 30 days · 2nd percentile
Impact if exploited
5.5CVSS 3.1 · MEDIUM
- ConfidentialityNone
- IntegrityHigh
- AvailabilityNone
What an attacker needs
- ⚠Access: Requires local access to the host
- ⚠Privileges: Requires a low-privilege account
- ✓User interaction: No user interaction needed
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Vendors Red Hat
Products Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8
Weakness (CWE)
- CWE-74: Injection
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N