CVE-2026-31979

Name of the Vulnerable Software and Affected Versions Himmelblau versions prior to 3.1.0 Himmelblau versions prior to 2.3.8

Description Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc <uid> without symlink protections. The PrivateTmp setting was removed from the daemon’s systemd hardening, exposing it to the host /tmp. A local user can exploit this through symlink attacks to overwrite arbitrary files, potentially achieving local privilege escalation. This is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability where a Kerberos cache file can be swapped for a symlink to /etc/shadow, allowing an unprivileged user to gain control of system credentials.

Recommendations Versions prior to 3.1.0: Update to version 3.1.0. Versions prior to 2.3.8: Update to version 2.3.8.