What is the CVSS score of EUVD-2026-26681?

EUVD-2026-26681 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

AGL app-framework-binder EUVD-2026-26681

| CVE-2026-37525 HIGH

Improper Privilege Management (CWE-269)

2026-05-01 mitre

Privilege Escalation

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 17:31 vuln.today

EUVD ID Assigned

May 01, 2026 - 17:00 euvd

EUVD-2026-26681

Analysis Generated

May 01, 2026 - 17:00 vuln.today

CVE Published

May 01, 2026 - 00:00 nvd

HIGH 7.8

DescriptionNVD

AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-controlled API call via xapi->itf->call(xapi->closure, xreq). The NULL propagation chain through afb-context.c:110 (context->credentials = afb_cred_addref(NULL)) and afb-cred.c:163 (returns NULL when cred is NULL) confirms that credentials are zeroed before the target API executes. The attacker controls both api and verb parameters via JSON input, allowing execution of any registered API with a NULL credential context. APIs that rely on context->credentials for authorization decisions may fail open when receiving NULL credentials, enabling privilege escalation. This vulnerability was introduced in commit abbb4599f0b921c6f434b6bd02bcfb277eecf745 on 2018-02-14.

AnalysisAI

Local privilege escalation in Automotive Grade Linux (AGL) app-framework-binder (afb-daemon) through v19.90.0 allows authenticated users to execute arbitrary registered APIs with nullified credentials. The supervision Do command in src/afb-supervision.c explicitly zeroes request credentials before dispatching attacker-controlled API calls, causing authorization checks to fail open when encountering NULL credential contexts. …

RemediationAI

Within 24 hours: Identify all systems running Automotive Grade Linux with afb-daemon versions ≤19.90.0; consult AGL release notes and verify component inventory. Within 7 days: Implement network and local access controls to restrict afb-daemon supervision command access to trusted principals only; disable unnecessary afb-daemon supervision endpoints if not operationally required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26681 vulnerability details – vuln.today

Back

AGL app-framework-binder EUVD-2026-26681

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code