CVE-2026-58302

high

Description

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen() by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to load an arbitrary shared library. Because the process retains elevated privileges during module loading, this results in local privilege escalation to root.
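The validation that a SUID loader of this kind needs, as an added illustration that is not LinuxCNC's code: a module name is accepted only as a bare identifier, so that once joined with a fixed module directory it cannot resolve anywhere else. MODULE_DIR, module_name_is_safe and build_module_path are assumed names; the real rtapi_app layout and its fix are not described on this page.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical module directory; the real rtapi_app layout is not on the page. */
#define MODULE_DIR "/usr/lib/linuxcnc/modules"
#define MAX_MODULE_NAME 64

/* Accept only a bare module name built from [A-Za-z0-9_-]. This rejects
 * '/', '\\' and '.', so "..", absolute paths and "a/b" can never pass, and
 * the caller does not need to reason about traversal after the join. */
bool module_name_is_safe(const char *name)
{
    if (name == NULL) return false;
    size_t len = strlen(name);
    if (len == 0 || len > MAX_MODULE_NAME) return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-')) return false;
    }
    return true;
}

/* Build "<MODULE_DIR>/<name>.so" for a validated name only.
 * Returns 0 on success, -1 if the name is rejected or the buffer is too small.
 * The resulting path is the only thing that should ever reach dlopen(), and
 * even then the loader should not hold root while it does so (the description
 * above notes that retained privilege is what turns the traversal into LPE). */
int build_module_path(const char *name, char *out, size_t outlen)
{
    if (!module_name_is_safe(name)) return -1;
    int n = snprintf(out, outlen, "%s/%s.so", MODULE_DIR, name);
    if (n < 0 || (size_t)n >= outlen) return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one valid name, two that must be rejected. */
    const char *samples[] = { "motmod", "../../tmp/untrusted", "/tmp/untrusted" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_module_path(samples[i], path, sizeof path) == 0)
            printf("accept %-22s -> %s\n", samples[i], path);
        else
            printf("reject %s\n", samples[i]);
    }
    return 0;
}
```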

References

https://github.com/LinuxCNC/linuxcnc/compare/v2.9.8...v2.9.9

https://github.com/LinuxCNC/linuxcnc/commit/ea7cd579d39b586952a42e3da9a26d3e36e7a272

https://github.com/LinuxCNC/linuxcnc/commit/00d534c87464a3ed446656998aa02b8abc74b391

https://bugs.debian.org/1140943

Details

Source: Mitre, NVD

Published: 2026-06-30

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00152