PT-2026-30240 · Unknown · Util-Linux
T0X1Cx · Published 2026-04-03 · Updated 2026-05-20 · CVE-2026-27456
CVSS v3.1: 4.7 (Medium)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
util-linux versions prior to 2.41.4
Description
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the SUID binary /usr/bin/mount within util-linux. When setting up loop devices, the binary validates the backing file path with the user's privileges but then re-opens the same path with root privileges without re-validating it. During that race window a local user can replace the file with a symbolic link to a root-owned file or device, gaining unauthorized access to root-protected files and block devices. Exploitation requires a specific /etc/fstab configuration and the SUID bit to be set on /usr/bin/mount.
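The check-then-reopen shape the description refers to, shown beside a hardened opener that resolves the name only once, as an added illustration that is not util-linux code. The function names are hypothetical, and the hardened version assumes a policy that the backing file must be a regular file owned by the calling user.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy check-then-open (hypothetical, in the CWE-367 shape the advisory describes):
 * the name is resolved twice, as the caller and then as root, so it can be swapped
 * for a symlink to a root-owned file or device between the two calls. */
int open_backing_file_racy(const char *path)
{
    if (access(path, R_OK) != 0) return -1;  /* check: by name, as the real uid */
    return open(path, O_RDONLY);             /* use: by name again, as euid root */
}

/* Hardened form: open exactly once, as the real uid and with O_NOFOLLOW, then
 * validate the descriptor with fstat(). The inode that was checked is the inode
 * that gets used (e.g. handed to the loop ioctl), so there is no swap window. */
int open_backing_file_safe(const char *path)
{
    struct stat st; uid_t saved_euid = geteuid();
    if (seteuid(getuid()) != 0) return -1;   /* act as the unprivileged caller */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (seteuid(saved_euid) != 0 || fd < 0)  /* cannot regain privilege, or open failed */
        goto fail;
    /* assumed policy: a regular file owned by the caller, checked on the open fd */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == getuid())
        return fd;
fail:
    if (fd >= 0) close(fd);
    return -1;
}

/* Self-check on constructed fixtures (a temp file and a symlink to it). Returns 0
 * when the safe opener accepts the file and rejects the link while the racy opener
 * follows the link; otherwise the number of the failing step. */
int run_demo(void)
{
    char file[] = "/tmp/backing.XXXXXX", link[64];
    int fd = mkstemp(file);
    if (fd < 0) return 1; close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    int rc = symlink(file, link) != 0 ? 2 : 0;
    if (!rc && ((fd = open_backing_file_safe(file)) < 0 || close(fd))) rc = 3;
    if (!rc && (fd = open_backing_file_safe(link)) != -1) { close(fd); rc = 4; }
    if (!rc && ((fd = open_backing_file_racy(link)) < 0 || close(fd))) rc = 5;
    unlink(link); unlink(file);
    return rc;
}
```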
Recommendations
Update to version 2.41.4 or later.
Time Of Check To Time Of Use
Link Following
Improper Privilege Management
Related Identifiers
Affected Products
Util-Linux