Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.
AnalysisAI
Local privilege escalation to root in LinuxCNC (linuxcnc-uspace) before 2.9.9 lets any unprivileged local user execute arbitrary code as root. The SUID-root rtapi_app helper accepts a user-supplied module name and passes it to dlopen() without sufficient validation, so path traversal lets an attacker load an arbitrary attacker-controlled shared library while the process is still privileged. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours: inventory all systems running linuxcnc-uspace prior to version 2.9.9; restrict local shell access to trusted personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Privilege Escalation
View allVendor StatusVendor
Debian
Bug #1140943| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm | vulnerable | 2.9.0~pre1+git20230208.f1270d6ed7-1+deb12u1 | - |
| trixie | vulnerable | 1:2.9.4-2 | - |
| sid | fixed | 1:2.9.9-2 | - |
| (unstable) | fixed | 1:2.9.9-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40241
GHSA-h3vh-9phr-5gjm