QSearchQSearch

CVE-2026-41054

7.8 HIGH

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`)

Published: 2026-05-20 · Last updated: 2026-06-05

Severity and scoring

CVSS
7.8 HIGH
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-305

Description

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-25555 OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows un... (9.8 CRITICAL)
  • CVE-2026-9798 A flaw was found in Keycloak, an open-source identity and access management solution (4.3 MEDIUM)
  • CVE-2026-6334 Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code red... (3.1 LOW)
  • CVE-2026-2652 A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is st... (8.6 HIGH)
  • CVE-2026-3591 A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0) (5.4 MEDIUM)