Skip to main content

Linuxcnc CVE-2026-58302

| EUVDEUVD-2026-40241 HIGH
Path Traversal (CWE-22)
2026-06-30 mitre GHSA-h3vh-9phr-5gjm
8.4
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 30, 2026 - 03:01 EUVD
Analysis Generated
Jun 30, 2026 - 02:11 vuln.today
CVE Published
Jun 30, 2026 - 01:09 cve.org
HIGH 8.4

DescriptionCVE.org

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

AnalysisAI

Local privilege escalation to root in LinuxCNC (linuxcnc-uspace) before 2.9.9 lets any unprivileged local user execute arbitrary code as root. The SUID-root rtapi_app helper accepts a user-supplied module name and passes it to dlopen() without sufficient validation, so path traversal lets an attacker load an arbitrary attacker-controlled shared library while the process is still privileged. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: inventory all systems running linuxcnc-uspace prior to version 2.9.9; restrict local shell access to trusted personnel only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Debian

Bug #1140943
linuxcnc
Release Status Fixed Version Urgency
bookworm vulnerable 2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u1 -
trixie vulnerable 1:2.9.4-2 -
sid fixed 1:2.9.9-2 -
(unstable) fixed 1:2.9.9-1 -

Share

CVE-2026-58302 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy