Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.
AnalysisAI
Symlink following in the Canon My Image Garden macOS installer (version 3.6.8 and earlier) enables a locally authenticated attacker to manipulate file permissions outside their authorization scope. During installation - which typically runs with elevated privileges - an attacker who pre-places a crafted symbolic link at a path the installer accesses can redirect file operations to arbitrary targets, achieving unauthorized integrity impact on the host system. No public exploit code and no CISA KEV listing exist at time of analysis; however, the Canon PSIRT has published formal advisories confirming the issue.
Technical ContextAI
CWE-59 (Improper Link Resolution Before File Access, 'Link Following') describes a class of vulnerabilities where an application resolves a symbolic or hard link and operates on the final target without verifying that the resolved path is within the intended scope. In this case, the Canon My Image Garden macOS installer - which must modify file system objects during setup - fails to validate whether paths it accesses have been replaced by attacker-controlled symlinks. On macOS, installers commonly run as root or with elevated entitlements, making any symlink-following flaw during installation particularly impactful: an attacker with standard login privileges (PR:L per CVSS 4.0 vector) can place a crafted symlink before or during the install process. The installer then follows the link and applies permission changes to the symlink's target rather than the intended file. The affected scope is the vulnerable system's integrity only (VI:H, VC:N, VA:N, SC:N per CVSS 4.0), meaning confidentiality and availability are unaffected - the primary risk is unauthorized chmod-style modification enabling privilege escalation or persistent access.
RemediationAI
Users should consult the Canon PSIRT advisory at https://psirt.canon/advisory-information/cp2026-004/ and the US-specific advisory at https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS to obtain the patched version of My Image Garden for macOS. The exact fixed version number is not independently confirmed in the available data - verify the minimum safe version directly from Canon before deploying. As a compensating control where immediate patching is not possible, restrict local user login access on macOS systems running this installer, and avoid running the My Image Garden installer in shared or multi-user environments where untrusted local users have login privileges. Administrators may also consider monitoring for unexpected symlink creation in installation target directories using macOS endpoint security frameworks (e.g., Endpoint Security API or third-party EDR). Note that restricting local user access may impact legitimate multi-user workflows.
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33230
GHSA-q9wc-hhm5-fjq7