Skip to main content

Linux CVE-2026-23740

NONE
Uncontrolled Search Path Element (CWE-427)
2026-02-06 security-advisories@github.com

Severity by source

GitHub Advisory
0.0 LOW
AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 06, 2026 - 17:16 nvd
NONE

DescriptionGitHub Advisory

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

AnalysisAI

Asterisk is an open source private branch exchange and telephony toolkit.

Technical ContextAI

Classified as CWE-427 (Uncontrolled Search Path Element). Affects Certified Asterisk. Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-23740 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy