CVE-2026-54230 - Vulnerability Details - OpenCVE

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-54230
https://bugzilla.redhat.com/show_bug.cgi?id=2488568

History

Sat, 13 Jun 2026 02:45:00 +0000

Type	Values Removed	Values Added
Description		A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system.
Title		Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-59
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-54230 https://bugzilla.redhat.com/show_bug.cgi?id=2488568
Metrics		cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-13T02:34:35.969Z

Updated: 2026-06-13T02:34:35.969Z

Reserved: 2026-06-12T15:09:04.249Z

Link: CVE-2026-54230

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-13T03:16:21.733

Modified: 2026-06-13T03:16:21.733

Link: CVE-2026-54230

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-54230", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-06-12T15:09:04.249Z", "datePublished": "2026-06-13T02:34:35.969Z", "dateUpdated": "2026-06-13T02:34:35.969Z"}, "containers": {"cna": {"title": "Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and writes content to the symlink target, allowing arbitrary file overwrites on the system."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "abrt", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "abrt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "abrt", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-54230", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488568", "name": "RHBZ#2488568", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-05-04T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "workarounds": [{"lang": "en", "value": "The following practices would help for avoiding exposure and mitigate this flaw:\n\n- Disable or remove ABRT if it is not required. On RHEL 8 systems where ABRT is installed, it can be disabled with: systemctl disable --now abrtd.service abrt-journal-core.service abrt-oops.service abrt-xorg.service\n- On Fedora systems, consider using systemd-coredump instead of ABRT for crash handling\n- Restrict local user access to systems running ABRT, as this vulnerability requires local access"}], "timeline": [{"lang": "en", "time": "2026-06-12T20:57:58.353Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-04T00:00:00.000Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Red Team (Deutsche Telekom Security GmbH) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-13T02:34:35.969Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}