Critical Gzip Vulnerabilities in Ubuntu Expose Systems to Local Attacks

Critical Gzip Vulnerabilities in Ubuntu Expose Systems to Local Attacks

First seen 6 Jul 2026, 23:49 UTC UbuntuLinuxsecurity 94% similarity 70.5

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities were discovered in Gzip's gzexe utility and file handling. CVE-2026-41991 allows local attackers to overwrite arbitrary files via a predictable temporary file path. CVE-2026-41992 can lead to denial of service or exposure of sensitive information due to improper handling of compressed files. These vulnerabilities affect multiple Ubuntu versions, including 22.04, 24.04, and 26.04 LTS. Users are advised to update their systems to mitigate these risks. The issues were published on June 29, 2026, and are now addressed in the latest updates. A standard system update will apply the necessary patches.

Key Points: • CVE-2026-41991 allows local attackers to exploit predictable file paths in Gzip. • CVE-2026-41992 can cause denial of service or expose sensitive data. • Affected Ubuntu versions include 22.04, 24.04, and 26.04 LTS; users should update immediately.

ThreatCluster AI

Timeline

2026-06-29
CVE-2026-41991 published
Local attackers can exploit Gzip's gzexe utility due to insecure temporary file handling.
Ubuntu
2026-06-29
CVE-2026-41992 published
Gzip's improper handling of compressed files can lead to denial of service or data exposure.
Ubuntu
2026-07-06
Ubuntu security notice USN-8512-1 released
Ubuntu issued a notice addressing critical vulnerabilities in Gzip, urging users to update.
Linuxsecurity

Community

Browse all →