Skip to main content

Linuxcnc

1 CVEs product

Monthly

CVE-2026-58302 HIGH PATCH This Week

Local privilege escalation to root in LinuxCNC (linuxcnc-uspace) before 2.9.9 lets any unprivileged local user execute arbitrary code as root. The SUID-root rtapi_app helper accepts a user-supplied module name and passes it to dlopen() without sufficient validation, so path traversal lets an attacker load an arbitrary attacker-controlled shared library while the process is still privileged. No public exploit identified at time of analysis and the issue is not in CISA KEV; an upstream fix is available in version 2.9.9.

Privilege Escalation Path Traversal Linuxcnc
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.2%
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation to root in LinuxCNC (linuxcnc-uspace) before 2.9.9 lets any unprivileged local user execute arbitrary code as root. The SUID-root rtapi_app helper accepts a user-supplied module name and passes it to dlopen() without sufficient validation, so path traversal lets an attacker load an arbitrary attacker-controlled shared library while the process is still privileged. No public exploit identified at time of analysis and the issue is not in CISA KEV; an upstream fix is available in version 2.9.9.

Privilege Escalation Path Traversal Linuxcnc
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy