CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-54371

highCVSS 7.1covered by 2 sourcesfirst seen 2026-06-09
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.

CSIRTS triage

What
A symlink traversal vulnerability allows privilege escalation via getfattr/setfattr.
Who is affected
Users of attr versions below 2.6.0 are affected.
Urgency
Remediation is high urgency due to the potential for privilege escalation.
Action
Upgrade to attr version 2.6.0 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-54371

Get an email if CVE-2026-54371 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-54371

CVE.org record

Embed the live status

CVE-2026-54371 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-54371 status](https://www.csirts.com/badge/CVE-2026-54371)](https://www.csirts.com/cve/CVE-2026-54371)