Skip to main content

pwnlift EUVDEUVD-2026-38454

| CVE-2026-56815 HIGH
UNIX Symbolic Link (Symlink) Following (CWE-61)
2026-06-23 mitre GHSA-9x6c-xp5w-ch33
7.4
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.4 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.4 HIGH

Local access required to plant the symlink (AV:L); timing/positioning dependency justifies AC:H; unprivileged users can create symlinks in writable directories so PR:N stands; C/I/A all high due to privileged arbitrary file write.

3.1 AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 23, 2026 - 15:04 vuln.today
Analysis Generated
Jun 23, 2026 - 15:04 vuln.today

DescriptionCVE.org

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.

AnalysisAI

Symlink following in pwnlift's Blazor upload handler permits arbitrary file write with elevated system privileges when the application is deployed in a privileged (root or high-privilege) context. All pwnlift releases before commit d7a95449d9ee1ea09ec1529286685f6187afbbed are affected through the upload component in Components/Pages/Home.razor. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local filesystem write access
Delivery
Replace Uploads directory with symlink to privileged target path
Exploit
Trigger file upload via pwnlift web UI
Execution
Application writes attacker-supplied file to symlink target as privileged user
Persist
Achieve arbitrary privileged file write
Impact
Escalate to full system compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires three specific, concurrent conditions: (1) pwnlift must be running in a privileged deployment - explicitly called out in the CVE description - meaning the process runs as root, SYSTEM, or another high-privilege account; without this, the attack yields no privilege escalation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects a high-impact but locally-constrained, high-complexity flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with write access to the directory housing pwnlift's Uploads folder replaces that directory with a symlink pointing to a sensitive location such as /etc/cron.d or /root/.ssh/authorized_keys. When a legitimate operator subsequently uploads a file through the pwnlift web UI, the application - running as root - resolves the path through the symlink and writes the attacker-controlled file content to the target location, achieving arbitrary privileged file write. …
Remediation The primary remediation is to update pwnlift to or beyond commit d7a95449d9ee1ea09ec1529286685f6187afbbed, available at https://github.com/rasta-mouse/pwnlift/commit/d7a95449d9ee1ea09ec1529286685f6187afbbed; note that this is a source-level fix commit, not a tagged release, so operators must build from this commit or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all pwnlift deployments and determine which run with elevated privileges (root or administrative accounts). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38454 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy