CVE-2026-32282

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Root.Chmod (affected versions not specified)

Description On Linux, if the target of Root.Chmod is replaced with a symlink during a chmod operation, the operation can affect the symlink's target, even if that target is outside the root directory. The Linux fchmodat syscall does not respect the AT SYMLINK NOFOLLOW flag, which Root.Chmod uses to prevent symlink traversal. Root.Chmod verifies its target before proceeding and returns an error if the target is a symlink outside the root, but this check can be bypassed if the target is replaced with a symlink between the check and the operation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALSA-2026:14200

ALSA-2026:16875

ALSA-2026:17075

ALSA-2026:19133

ALSA-2026:19134

ALSA-2026:19135

ALSA-2026:19136

ALSA-2026:19350

ALSA-2026:19351

ALSA-2026:19352

ALSA-2026:19353

BDU:2026-07252

BIT-GOLANG-2026-32282

CLEANSTART-2026-AC01087

CLEANSTART-2026-AH29678

CLEANSTART-2026-AP92343

CLEANSTART-2026-AP95632

CLEANSTART-2026-AQ65185

CLEANSTART-2026-AY53560

CLEANSTART-2026-AY89602

CLEANSTART-2026-BB70412

CLEANSTART-2026-BB83999

CLEANSTART-2026-BD19566

CLEANSTART-2026-BG69533

CLEANSTART-2026-BM53321

CLEANSTART-2026-BN28456

CLEANSTART-2026-BR79647

CLEANSTART-2026-BT04364

CLEANSTART-2026-BU65096

CLEANSTART-2026-BZ28794

CLEANSTART-2026-CB00984

CLEANSTART-2026-CC08450

CLEANSTART-2026-CD13174

CLEANSTART-2026-CD71342

CLEANSTART-2026-CD91667

CLEANSTART-2026-CE10526

CLEANSTART-2026-CN84623

CLEANSTART-2026-CR55131

CLEANSTART-2026-CS02869

CLEANSTART-2026-DA99134

CLEANSTART-2026-DK45320

CLEANSTART-2026-DM19620

CLEANSTART-2026-DM93480

CLEANSTART-2026-DN70218

CLEANSTART-2026-DO31246

CLEANSTART-2026-DR81473

CLEANSTART-2026-DV49899

CLEANSTART-2026-DW32113

CLEANSTART-2026-EI06494

CLEANSTART-2026-EM93403

CLEANSTART-2026-EP10142

CLEANSTART-2026-FB07695

CLEANSTART-2026-FH54780

CLEANSTART-2026-FH63386

CLEANSTART-2026-FK40318

CLEANSTART-2026-FV86809

CLEANSTART-2026-GB02436

CLEANSTART-2026-GB36430

CLEANSTART-2026-GB46352

CLEANSTART-2026-GB83728

CLEANSTART-2026-GG06672

CLEANSTART-2026-GN78570

CLEANSTART-2026-GR41888

CLEANSTART-2026-GW28934

CLEANSTART-2026-GY48351

CLEANSTART-2026-GY76045

CLEANSTART-2026-GZ35045

CLEANSTART-2026-HF07497

CLEANSTART-2026-HI89495

CLEANSTART-2026-HK01840

CLEANSTART-2026-HM31566

CLEANSTART-2026-HQ88036

CLEANSTART-2026-HZ73294

CLEANSTART-2026-IO64893

CLEANSTART-2026-IP78312

CLEANSTART-2026-IS19112

CLEANSTART-2026-IW91368

CLEANSTART-2026-IY98831

CLEANSTART-2026-JO51351

CLEANSTART-2026-JQ70227

CLEANSTART-2026-JV26120

CLEANSTART-2026-JY63371

CLEANSTART-2026-JZ43336

CLEANSTART-2026-KA21986

CLEANSTART-2026-KC83705

CLEANSTART-2026-KF86214

CLEANSTART-2026-KL61187

CLEANSTART-2026-KO66630

CLEANSTART-2026-KT28044

CLEANSTART-2026-LA67881

CLEANSTART-2026-LG79681

CLEANSTART-2026-LI56163

CLEANSTART-2026-LK73694

CLEANSTART-2026-LM43244

CLEANSTART-2026-LN66182

CLEANSTART-2026-LO63022

CLEANSTART-2026-LO90739

CLEANSTART-2026-LT10352

CLEANSTART-2026-LZ60917

CLEANSTART-2026-MI12470

CLEANSTART-2026-MI82983

CLEANSTART-2026-MK07381

CLEANSTART-2026-ML42911

CLEANSTART-2026-MP87020

CLEANSTART-2026-MR50866

CLEANSTART-2026-MV81821

CLEANSTART-2026-MW24969

CLEANSTART-2026-MW66533

CLEANSTART-2026-MX15076

CLEANSTART-2026-MX56097

CLEANSTART-2026-MZ44265

CLEANSTART-2026-NB51079

CLEANSTART-2026-NB55984

CLEANSTART-2026-NB83265

CLEANSTART-2026-NG28268

CLEANSTART-2026-NG75665

CLEANSTART-2026-NS33477

CLEANSTART-2026-NT10973

CLEANSTART-2026-NX54250

CLEANSTART-2026-OD47693

CLEANSTART-2026-OD56729

CLEANSTART-2026-OF37807

CLEANSTART-2026-OH43332

CLEANSTART-2026-OH47925

CLEANSTART-2026-OR40192

CLEANSTART-2026-OU18540

CLEANSTART-2026-PE52216

CLEANSTART-2026-PK19530

CLEANSTART-2026-PM81907

CLEANSTART-2026-PY36202

CLEANSTART-2026-QL45485

CLEANSTART-2026-QN98167

CLEANSTART-2026-QO29688

CLEANSTART-2026-QO30809

CLEANSTART-2026-QP84300

CLEANSTART-2026-QR52625

CLEANSTART-2026-QS28268

CLEANSTART-2026-QS87161

CLEANSTART-2026-RR42740

CLEANSTART-2026-RX06063

CLEANSTART-2026-SE34232

CLEANSTART-2026-SO13464

CLEANSTART-2026-SV08737

CLEANSTART-2026-SW24654

CLEANSTART-2026-TC76376

CLEANSTART-2026-TD94714

CLEANSTART-2026-TE02851

CLEANSTART-2026-TH33219

CLEANSTART-2026-TL66481

CLEANSTART-2026-TZ10716

CLEANSTART-2026-UF28691

CLEANSTART-2026-UO31069

CLEANSTART-2026-UQ68343

CLEANSTART-2026-UW03847

CLEANSTART-2026-UX07516

CLEANSTART-2026-UY10441

CLEANSTART-2026-VU08393

CLEANSTART-2026-VW96633

CLEANSTART-2026-VZ08395

CLEANSTART-2026-WA14162

CLEANSTART-2026-WA84208

CLEANSTART-2026-WB12909

CLEANSTART-2026-WB86581

CLEANSTART-2026-WB89098

CLEANSTART-2026-WL14185

CLEANSTART-2026-WO11084

CVE-2026-32282

GO-2026-4864

OPENSUSE-SU-2026:10514-1

OPENSUSE-SU-2026:10525-1

OPENSUSE-SU-2026:10673-1

OPENSUSE-SU-2026:20570-1

OPENSUSE-SU-2026:20571-1

RHSA-2026:10217

RHSA-2026:10219

RHSA-2026:10704

RHSA-2026:11507

RHSA-2026:11514

RHSA-2026:11704

RHSA-2026:11711

RHSA-2026:11712

RHSA-2026:11863

RHSA-2026:14200

RHSA-2026:15980

RHSA-2026:16021

RHSA-2026:16024

RHSA-2026:16875

RHSA-2026:17075

RHSA-2026:17084

RHSA-2026:18027

RHSA-2026:18032

RHSA-2026:19136

RHSA-2026:19156

RHSA-2026:19351

RHSA-2026:19369

RHSA-2026:22326

RHSA-2026:7291

RHSA-2026:7385

SUSE-SU-2026:1320-1

SUSE-SU-2026:1321-1

SUSE-SU-2026:1580-1

SUSE-SU-2026:1581-1

Affected Products

Red Os

Rocky Linux

Root.Chmod

CVE-2026-32282

Weakness Enumeration

Related Identifiers

Affected Products

References · 939