Detections
Analytics

Linux Distros Unpatched Vulnerability : CVE-2026-9541

medium Nessus Plugin ID 317040

Language:

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. (CVE-2026-9541)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://security-tracker.debian.org/tracker/CVE-2026-9541

https://ubuntu.com/security/CVE-2026-9541

Plugin Details

Severity: Medium

ID: 317040

File Name: unpatched_CVE_2026_9541.nasl

Version: 1.4

Type: Local

Agent: unix

Family: Misc.

Published: 5/27/2026

Updated: 6/2/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2026-9541

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:U/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:25.10, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:debian:debian_linux:squirrel3, cpe:/o:debian:debian_linux:13.0, p-cpe:/a:canonical:ubuntu_linux:squirrel3, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:debian:debian_linux:14.0, cpe:/o:canonical:ubuntu_linux:26.04:-:lts

Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/26/2026

Reference Information

CVE: CVE-2026-9541