PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14476 Red Hat CVE debrief

A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. This vulnerability has a high impact on system security and requires immediate attention from system administrators and security teams.

Vendor
Red Hat
Product
Red Hat Enterprise Linux 10
CVSS
HIGH 8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

System administrators and security teams responsible for managing SSSD's AD GPO provider and ensuring the security of their systems should review this vulnerability. They should assess whether their deployments are affected and plan for remediation or mitigation as necessary. Additionally, security teams should monitor for potential attacks and implement compensating controls for exposed systems.

Technical summary

The CVE-2026-14476 vulnerability is a path traversal flaw in SSSD's AD GPO provider. The flaw exists in the ad_gpo_extract_smb_components() function, which does not properly sanitize .. sequences in the gPCFileSysPath LDAP attribute. This allows an attacker with AD GPO management access to write files outside the GPO cache directory as root. The vulnerability can be used to inject Kerberos configuration, leading to authentication bypass on default RHEL configurations with SELinux enforcing. System administrators should review and update SSSD's AD GPO provider configuration to ensure proper sanitization of .. sequences.

Defensive priority

High

Recommended defensive actions

  • Review and update SSSD's AD GPO provider configuration to ensure proper sanitization of .. sequences in the gPCFileSysPath LDAP attribute.
  • Implement compensating controls, such as monitoring and exception tracking, to detect and respond to potential attacks.
  • Apply vendor remediation, if available, to address the vulnerability.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-07-07T10:16:39.993Z and has not been modified since. The NVD entry is currently Received. This information is based on the supplied source corpus and may not reflect the full scope or current status of the vulnerability. Defenders should verify the affected scope and vendor guidance through official channels.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T10:16:39.993Z and has not been modified since.