PatchSiren cyber security CVE debrief
CVE-2026-54228 Red Hat CVE debrief
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package validation and allowing crashes of unpackaged binaries to survive post-create processing.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 6
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-13
- Original CVE updated: 2026-06-13
- Advisory published: 2026-06-13
- Advisory updated: 2026-06-13
Who should care
Users of systems where abrt-dbus is installed and running, particularly those with multi-user access.
Technical summary
The abrt-dbus service is vulnerable to a TOCTOU race condition in its SetElement method. This allows a local user to write arbitrary text files into the root-owned dump directory, potentially bypassing package validation.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the TOCTOU race condition in abrt-dbus.
- Restrict access to the abrt-dbus service to trusted users only.
- Monitor systems for suspicious activity related to the abrt-dbus service.
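One way to express the access restriction listed above is a D-Bus system bus policy that limits who may call SetElement. This is an added example, not Red Hat's shipped policy or fix. It assumes the service is reachable under the bus name and interface `org.freedesktop.problems`; the file name and the `abrt-admins` group are hypothetical.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Hypothetical drop-in: /etc/dbus-1/system.d/abrt-setelement-restrict.conf -->

  <!-- Default context: no caller may invoke SetElement on the problems
       service. send_interface is paired with send_destination so the
       rule stays scoped to this one service. -->
  <policy context="default">
    <deny send_destination="org.freedesktop.problems"
          send_interface="org.freedesktop.problems"
          send_member="SetElement"/>
  </policy>

  <!-- Group policies are applied after the default context, so members
       of the (hypothetical) abrt-admins group keep access. -->
  <policy group="abrt-admins">
    <allow send_destination="org.freedesktop.problems"
           send_interface="org.freedesktop.problems"
           send_member="SetElement"/>
  </policy>

  <!-- User policies are applied after group policies; root keeps access. -->
  <policy user="root">
    <allow send_destination="org.freedesktop.problems"
           send_interface="org.freedesktop.problems"
           send_member="SetElement"/>
  </policy>
</busconfig>
```

Within one context the last matching rule wins, so check that the policy shipped with abrt-dbus does not re-allow the method in the default context after this file is read. This narrows who can reach the method; it does not remove the race, which requires the vendor fix.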
Evidence notes
The CVE-2026-54228 record was obtained from the NVD, which lists it with a CVSS score of 7.8 and a severity of HIGH.
Official resources
CVE-2026-54228 was published on 2026-06-13T03:16:21.440Z and has not been modified since then.