CVE-2022-26704

CVE Database · CVE-2022-26704

CVE-2022-26704

· HIGHModified

CVSS v3.1

7.8

EPSS

1.08%

Published

May 26, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-59

Affected Products (20)

apple · mac_os_x (up to 10.15.7)vulnerable

apple · mac_os_xvulnerable

References (12)

http://seclists.org/fulldisclosure/2022/Jul/13

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Jul/14

Mailing ListThird Party Advisory

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0032/MNDT-2022-0032.md

Technical DescriptionThird Party Advisory

https://support.apple.com/en-us/HT213257

Release NotesVendor Advisory

https://support.apple.com/kb/HT213343

Mailing List

https://support.apple.com/kb/HT213344

KEV Catalog EPSS Scores Vendors All CVEs