PatchSiren cyber security CVE debrief
CVE-2026-14476 Red Hat CVE debrief
A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. This vulnerability has a high impact on system security and requires immediate attention from system administrators and security teams.
- Vendor
- Red Hat
- Product
- Red Hat Enterprise Linux 10
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
System administrators and security teams responsible for managing SSSD's AD GPO provider and ensuring the security of their systems should review this vulnerability. They should assess whether their deployments are affected and plan for remediation or mitigation as necessary. Additionally, security teams should monitor for potential attacks and implement compensating controls for exposed systems.
Technical summary
The CVE-2026-14476 vulnerability is a path traversal flaw in SSSD's AD GPO provider. The flaw exists in the ad_gpo_extract_smb_components() function, which does not properly sanitize .. sequences in the gPCFileSysPath LDAP attribute. This allows an attacker with AD GPO management access to write files outside the GPO cache directory as root. The vulnerability can be used to inject Kerberos configuration, leading to authentication bypass on default RHEL configurations with SELinux enforcing. System administrators should review and update SSSD's AD GPO provider configuration to ensure proper sanitization of .. sequences.
Defensive priority
High
Recommended defensive actions
- Review and update SSSD's AD GPO provider configuration to ensure proper sanitization of .. sequences in the gPCFileSysPath LDAP attribute.
- Implement compensating controls, such as monitoring and exception tracking, to detect and respond to potential attacks.
- Apply vendor remediation, if available, to address the vulnerability.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-07-07T10:16:39.993Z and has not been modified since. The NVD entry is currently Received. This information is based on the supplied source corpus and may not reflect the full scope or current status of the vulnerability. Defenders should verify the affected scope and vendor guidance through official channels.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T10:16:39.993Z and has not been modified since.