Skip to main content

My Image Garden EUVDEUVD-2026-33230

| CVE-2026-6891 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-05-29 f98c90f0-e9bd-4fa7-911b-51993f3571fd GHSA-q9wc-hhm5-fjq7
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 29, 2026 - 00:26 vuln.today

DescriptionCVE.org

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have authorization.

AnalysisAI

Symlink following in the Canon My Image Garden macOS installer (version 3.6.8 and earlier) enables a locally authenticated attacker to manipulate file permissions outside their authorization scope. During installation - which typically runs with elevated privileges - an attacker who pre-places a crafted symbolic link at a path the installer accesses can redirect file operations to arbitrary targets, achieving unauthorized integrity impact on the host system. No public exploit code and no CISA KEV listing exist at time of analysis; however, the Canon PSIRT has published formal advisories confirming the issue.

Technical ContextAI

CWE-59 (Improper Link Resolution Before File Access, 'Link Following') describes a class of vulnerabilities where an application resolves a symbolic or hard link and operates on the final target without verifying that the resolved path is within the intended scope. In this case, the Canon My Image Garden macOS installer - which must modify file system objects during setup - fails to validate whether paths it accesses have been replaced by attacker-controlled symlinks. On macOS, installers commonly run as root or with elevated entitlements, making any symlink-following flaw during installation particularly impactful: an attacker with standard login privileges (PR:L per CVSS 4.0 vector) can place a crafted symlink before or during the install process. The installer then follows the link and applies permission changes to the symlink's target rather than the intended file. The affected scope is the vulnerable system's integrity only (VI:H, VC:N, VA:N, SC:N per CVSS 4.0), meaning confidentiality and availability are unaffected - the primary risk is unauthorized chmod-style modification enabling privilege escalation or persistent access.

RemediationAI

Users should consult the Canon PSIRT advisory at https://psirt.canon/advisory-information/cp2026-004/ and the US-specific advisory at https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS to obtain the patched version of My Image Garden for macOS. The exact fixed version number is not independently confirmed in the available data - verify the minimum safe version directly from Canon before deploying. As a compensating control where immediate patching is not possible, restrict local user login access on macOS systems running this installer, and avoid running the My Image Garden installer in shared or multi-user environments where untrusted local users have login privileges. Administrators may also consider monitoring for unexpected symlink creation in installation target directories using macOS endpoint security frameworks (e.g., Endpoint Security API or third-party EDR). Note that restricting local user access may impact legitimate multi-user workflows.

Share

EUVD-2026-33230 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy