Critical Symlink Traversal Vulnerabilities in Fedora 44 Affected by CVEs

Critical Symlink Traversal Vulnerabilities in Fedora 44 Affected by CVEs

First seen 11 Jul 2026, 23:28 UTC Linuxsecuritysavannah.nongnu.org 88% similarity 72.8

Article Content

Browse articles
ThreatCluster

On July 9, 2026, Fedora released updates addressing critical symlink traversal vulnerabilities in its acl and attr packages. The vulnerabilities, identified as CVE-2026-54369, CVE-2026-54370, and CVE-2026-54371, were published on June 29, 2026. CVE-2026-54369 and CVE-2026-54370 involve privilege escalation via libacl functions and TOCTOU symlink traversal through getfacl/setfacl. CVE-2026-54371 also presents a privilege escalation risk via getfattr. These vulnerabilities could allow attackers to gain elevated privileges on affected systems. Users are advised to upgrade to the latest versions using the provided dnf commands. The updates are critical for maintaining system security against potential exploitation.

Key Points: • Fedora 44 acl and attr packages have critical symlink traversal vulnerabilities. • Three CVEs (CVE-2026-54369, CVE-2026-54370, CVE-2026-54371) were published on June 29, 2026. • Users are urged to apply updates immediately to mitigate privilege escalation risks.

ThreatCluster AI

Timeline

2026-06-29
CVE-2026-54369 published
CVE-2026-54369 details a symlink traversal privilege escalation vulnerability via libacl functions.
Linuxsecurity
2026-06-29
CVE-2026-54370 published
CVE-2026-54370 describes a TOCTOU symlink traversal vulnerability via getfacl/setfacl.
Linuxsecurity
2026-06-29
CVE-2026-54371 published
CVE-2026-54371 outlines a privilege escalation vulnerability via getfattr.
Linuxsecurity
2026-07-09
Fedora releases updates for acl and attr packages
Updates were released to address the critical vulnerabilities in acl and attr packages, resolving the identified CVEs.
Linuxsecurity
2026-07-09
Users advised to upgrade
Fedora users are urged to upgrade their systems using dnf to mitigate the vulnerabilities.
Linuxsecurity

Community

Browse all →