Skip to main content

Opencryptoki CVE-2026-23893

MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-01-22 security-advisories@github.com
Linux Privilege Escalation Opencryptoki Red Hat Suse
6.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.8 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
SUSE
MEDIUM
qualitative
Red Hat
6.8 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Mar 06, 2026 - 20:00 nvd
Patch available
CVE Published
Jan 22, 2026 - 01:15 nvd
MEDIUM 6.8

DescriptionGitHub Advisory

openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token directories, resulting in privilege escalation or data exposure. Token and lock directories are 0770 (group-writable for token users), so any token-group member can plant files and symlinks inside them. When run as root, the base code handling token directory file access, as well as several openCryptoki tools used for administrative purposes, may reset ownership or permissions on existing files inside the token directories. An attacker with token-group membership can exploit the system when an administrator runs a PKCS#11 application or administrative tool that performs chown on files inside the token directory during normal maintenance. This issue is fixed in commit 5e6e4b4, but has not been included in a released version at the time of publication.

AnalysisAI

Privilege escalation in openCryptoki 2.3.2+ allows token-group members to exploit insecure symlink handling in group-writable token directories, enabling file operations on arbitrary filesystem targets when the library runs with elevated privileges. An attacker with token-group membership can plant symlinks to redirect administrative operations, potentially leading to privilege escalation or unauthorized data access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment CVSS 6.8 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker (requires authentication) could exploit this flaw, privilege escalation or data exposure.
Remediation A vendor patch is available — apply it immediately. Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.12 Container suse/sl-micro/6.0/base-os-container:2.1.3-6.9 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.9 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.12 Image SL-Micro Affected
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed

Share

CVE-2026-23893 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy