CVE-2026-58302

HIGH NVD

CVSS Score 8.4

Severity HIGH

Published Jun 30, 2026

Vendor unknown

Description

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.

References

https://bugs.debian.org/1140943
https://github.com/LinuxCNC/linuxcnc/commit/00d534c87464a3ed446656998aa02b8abc74b391
https://github.com/LinuxCNC/linuxcnc/commit/ea7cd579d39b586952a42e3da9a26d3e36e7a272
https://github.com/LinuxCNC/linuxcnc/compare/v2.9.8...v2.9.9