CVE-2026-6968

CVSS v3.1

5.9

Medium

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy target/link target, symlinked parent directories in save target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification.

We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-6968

Affected Products

Tough

Tuftool

CVE-2026-6968

Weakness Enumeration

Related Identifiers

Affected Products

References · 8