rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.
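The kind of module-name check whose absence the description points to, as an added example (not LinuxCNC's code and not the actual fix): a privileged loader accepts only a bare name and builds the path it would pass to dlopen() under one fixed directory. `MODULE_DIR`, `module_name_is_safe`, `build_module_path` and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed module directory (placeholder, not LinuxCNC's real path). */
#define MODULE_DIR "/opt/example/modules"
#define MAX_NAME 64

/* Return 1 only for a bare module name: non-empty, bounded length,
 * characters from [A-Za-z0-9_-], no leading '-'. Because '/' and '.'
 * are not in the allow-list, "..", absolute paths and sub-paths fail. */
int module_name_is_safe(const char *name)
{
    size_t len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '_' || (c == '-' && i > 0);
        if (!ok) return 0;
    }
    return 1;
}

/* Build "<MODULE_DIR>/<name>.so" into out. The result always contains a
 * '/', so dlopen() would treat it as a pathname and skip its library
 * search path. Returns 0 on success, -1 on rejection or truncation. */
int build_module_path(const char *name, char *out, size_t outlen)
{
    int n;
    if (!module_name_is_safe(name)) return -1;
    n = snprintf(out, outlen, "%s/%s.so", MODULE_DIR, name);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one bare name, then traversal-style names. */
    const char *samples[] = { "example_mod", "../../tmp/x", "/tmp/x", "a/b", "", ".." };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_module_path(samples[i], path, sizeof path) == 0)
            printf("accept \"%s\" -> %s\n", samples[i], path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```

Name validation narrows what a SUID loader will open; it does not replace dropping privileges before loading or keeping the module directory writable only by root.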
History
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Linuxcnc, Linuxcnc linuxcnc | |
| Vendors & Products | Linuxcnc, Linuxcnc linuxcnc | |
Tue, 30 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Tue, 30 Jun 2026 04:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | SUID Root Privilege Escalation via Path Traversal in LinuxCNC rtapi_app |
Tue, 30 Jun 2026 02:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root. | |
| Weaknesses | CWE-22 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: mitre
Published: 2026-06-30T01:09:34.141Z
Updated: 2026-06-30T13:04:39.190Z
Reserved: 2026-06-30T01:09:33.668Z
Link: CVE-2026-58302
Updated: 2026-06-30T13:04:34.145Z