Version: v1.1.x

CVE-2026-54369

CVE Details

Visit the official vulnerability details page for CVE-2026-54369 to learn more.

Initial Publication

06/29/2026

Last Update

06/29/2026

Third Party Dependency

libacl

NIST CVE Summary

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who control any component of a pathname processed by a privileged caller can redirect ACL read or write operations to arbitrary files or directories, enabling unauthorized manipulation of access control lists and local privilege escalation.

CVE Severity

7.1

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Deferred

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.6	⚠️ Impacted	⚠️ Impacted
1.0.7	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​