Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS
My Image Garden for macOS and CUPS Printer Driver for macOS provided by Canon Inc. contain a vulnerability that allows access to unintended files or directories due to improper resolving of links when accessing files.
CSIRTS triage
- What
- A vulnerability allows access to unintended files or directories due to improper link resolution.
- Who is affected
- Users of My Image Garden for macOS and CUPS Printer Driver for macOS are affected.
- Urgency
- Remediation is important as this could lead to unauthorized file access.
- Action
- Update to the latest version of My Image Garden and CUPS Printer Driver.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch My Image Garden
Get an email when a new My Image Garden advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://jvn.jp/en/vu/JVNVU93879027/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-68910.12% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all scored CVEs.
- Low exploitation riskCVE-2026-68920.12% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 2% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-6891 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-6892 | coverage & exploitation status | NVD · CVE.org |
More from JVN (Japan Vulnerability Notes)
- unknownReflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Ima…2026-07-09
- unknownMultiple vulnerabilities in the installer for Pupsman2026-07-08
- unknownApache Jena Fuseki vulnerable to path traversal2026-07-07
- unknownSEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery2026-07-07
- unknownSeiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection2026-07-01