Skip to main content

Suricata CVE-2026-59674

| EUVDEUVD-2026-43633 HIGH
UNIX Symbolic Link (Symlink) Following (CWE-61)
2026-07-14 suse GHSA-j33g-47h2-2687
7.1
CVSS 4.0 · Vendor: suse
Share

Severity by source

Vendor (suse) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local escalation by the already-authenticated suricata account (AV:L, PR:L), low complexity, no interaction; symlink abuse yields root so C/I/A all High, scope Unchanged as it stays within the host OS authority.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (suse).

CVSS VectorVendor: suse

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
N

Lifecycle Timeline

3
Patch available
Jul 14, 2026 - 11:17 EUVD
Analysis Generated
Jul 14, 2026 - 08:16 vuln.today
CVE Published
Jul 14, 2026 - 07:32 cve.org
HIGH 7.1

DescriptionCVE.org

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed suricata package allows the suricata user to escalate to root.

This issue affects openSUSE Tumbleweed: from ? before 8.0.5-2.1; openSUSE Tumbleweed: from ? before 8.0.5-2.1.

AnalysisAI

Local privilege escalation in the openSUSE Tumbleweed packaging of Suricata allows the unprivileged 'suricata' service account to gain root through a symbolic-link following flaw (CWE-61) in files or directories the package manages with predictable, service-writable paths. Any actor already holding the suricata user context - for example via a compromised or misconfigured IDS/IPS process - can plant a symlink that redirects a root-executed operation to a target of their choosing, yielding full system compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain suricata user foothold
Delivery
Plant symlink in service-writable path
Exploit
Wait for or trigger root package operation
Execution
Root follows link to target
Persist
Overwrite root-owned file
Impact
Escalate to root

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already possess the 'suricata' user context on an openSUSE Tumbleweed host running the suricata package before 8.0.5-2.1 (PR:L, AV:L) - this is a local, authenticated-as-service-account escalation, not remotely reachable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a credible local privilege-escalation issue but not an internet-facing emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised or already controls the low-privileged suricata service account (for example after subverting the exposed detection process) places a symbolic link at a predictable path that a root-run package operation writes to or chowns. When that root operation fires - during log rotation, service restart, or a scheduled task - it follows the link and modifies an attacker-chosen target such as /etc/passwd or a root-owned script, granting root. …
Remediation Apply the vendor-released patch: update the suricata package to 8.0.5-2.1 or later via 'zypper up suricata' (or a full 'zypper dup' on Tumbleweed) to obtain the fixed packaging that no longer follows attacker-controlled symlinks. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all systems running openSUSE Tumbleweed with Suricata IDS/IPS enabled and document current access controls on the suricata service account. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2018-1000167 HIGH POC
7.8 Apr 18

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Functi

CVE-2025-59150 HIGH POC
7.5 Oct 01

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2021-45098 HIGH POC
7.5 Dec 16

An issue was discovered in Suricata before 6.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit

CVE-2019-10056 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10055 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10054 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10052 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10051 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-1010279 HIGH POC
7.5 Jul 18

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detect

CVE-2018-14568 HIGH POC
7.5 Jul 23

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. Rated high severity (CVSS 7.5), this vul

CVE-2015-8954 CRITICAL
9.8 Mar 20

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might a

CVE-2023-35853 CRITICAL
9.8 Jun 19

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. Ra

Share

CVE-2026-59674 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy