CyberRota
← Ana sayfaya dön

CVE-2026-41991

MEDIUM · CVSS 4.7 EPSS %0.10

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-29T12:16:29.770 · Çekilme zamanı: 2026-07-15T12:04:09.234904+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-41991
Severity
MEDIUM
CVSS
4.7
EPSS
%0.10

Orijinal NVD Açıklaması

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without exclusive access or existence checks. A local attacker can pre‑create the predicted temporary file path as a symbolic link pointing to an arbitrary file writable by the victim. When gzexe runs, it follows the symlink and overwrites the target file, resulting in a time‑of‑check to time‑of‑use (TOCTOU) condition that allows arbitrary file overwrite. This issue has been fixed in the commit 4e6f8b24ab823146ab8776f0b7fe486ab34d4269