CVE-2026-58302

Source
https://cve.org/CVERecord?id=CVE-2026-58302
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58302.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-58302
Downstream
Published
2026-06-30T01:09:34.141Z
Modified
2026-07-08T08:14:19.147202581Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/58xxx/CVE-2026-58302.json",
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/linuxcnc/linuxcnc

Affected ranges

Type
GIT
Repo
https://github.com/linuxcnc/linuxcnc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.9.9"
        }
    ],
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

Other
HAL_interface_Start
RELEASE_2_3_0_BETA1
RELEASE_2_3_0_BETA2
TESTING
bdi4
before_nort_merge
cl_v7124_trunk_merge
cvs-import
jmk_emc2_20050524
joints_axes_0
pre-merge
root-of-halrefactor-0-1
root-of-lerman-interp
root-of-rpm
rootof_kbuild-0-1
trunk_merge-from_kbuild-0-1_3
trunk_merge-from_kbuild-0-1_9
trunk_merge-to_kbuild-0-1_5
trunk_pre-merge_7
v2.*
v2.10.0-pre0
v2.4.0-pre0
v2.5.0
v2.5.0-pre0
v2.5.0-pre1
v2.5.0-pre3
v2.5.0-pre4
v2.5.0-pre5
v2.5.3
v2.7.0-pre0
v2.8.0-pre0
v2.8.0-pre1
v2.9.0
v2.9.0-pre1
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58302.json"