PatchSiren cyber security CVE debrief
CVE-2026-54230 Red Hat CVE debrief
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 6
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-13
- Original CVE updated: 2026-06-13
- Advisory published: 2026-06-13
- Advisory updated: 2026-06-13
Who should care
Users of libreport, particularly those using ABRT (Automatic Bug Reporting Tool) post-create event handlers, should be aware of this vulnerability. The vulnerability allows for arbitrary file overwrites on the system, which could lead to a denial of service or potentially allow for privilege escalation.
Technical summary
The vulnerability exists in the ABRT post-create event handler scripts in libreport. The scripts write output files using shell redirections without the O_NOFOLLOW flag. This allows an attacker to replace the target file with a symlink, causing the shell process running as root to follow the symlink and write content to the symlink target, resulting in arbitrary file overwrites on the system.
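The difference the summary describes, shown as an added example that is not code from libreport or ABRT: the same write is issued once with the flags a shell redirection uses and once with O_NOFOLLOW added. The scratch directory and the file names `victim` and `outfile` are constructed for the demonstration, and the ELOOP result assumes Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int last_rc; /* result of the most recent write to "outfile" */

/* Open like a shell `>` redirection (symlinks followed), plus `extra` flags. */
static int write_file(int dirfd, const char *name, const char *data, int extra)
{
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | extra, 0600);
    if (fd < 0)
        return -errno;
    int rc = write(fd, data, strlen(data)) == (ssize_t)strlen(data) ? 0 : -EIO;
    close(fd);
    return rc;
}

/* Constructed case: "outfile" is a symlink to "victim"; returns victim's size. */
static long demo(int extra)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    struct stat st;
    long size = -1; /* stays -1 if setup fails */
    int dfd = mkdtemp(dir) ? open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC) : -1;
    if (dfd < 0)
        return -1;
    if (write_file(dfd, "victim", "original\n", 0) == 0 &&
        symlinkat("victim", dfd, "outfile") == 0) {
        last_rc = write_file(dfd, "outfile", "x\n", extra);
        if (fstatat(dfd, "victim", &st, 0) == 0)
            size = (long)st.st_size;
    }
    unlinkat(dfd, "outfile", 0); /* removes the link itself, not its target */
    unlinkat(dfd, "victim", 0);
    close(dfd);
    rmdir(dir);
    return size;
}

int main(void)
{
    long plain = demo(0), guarded = demo(O_NOFOLLOW);
    printf("plain: victim=%ld B; O_NOFOLLOW: victim=%ld B, rc=%d\n", plain, guarded, last_rc);
    return 0;
}
```

O_NOFOLLOW only rejects a symlink in the final path component, so the example opens relative to a directory descriptor rather than re-resolving the full path on every write.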
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Where event scripts write output files, open them with the O_NOFOLLOW flag; a plain shell redirection has no way to request it.
- Monitor systems for suspicious activity, such as unexpected file modifications.
Evidence notes
The CVE-2026-54230 vulnerability was found in libreport. The vulnerability has a CVSS score of 7 and is classified as HIGH severity.
Official resources
CVE-2026-54230 was published on 2026-06-13T03:16:21.733Z.