CVE-2026-41991 - CERT CVE
ID CVE-2026-41991
Sažetak GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PID). This predictable filename is created without exclusive access or existence checks. A local attacker can pre‑create the predicted temporary file path as a symbolic link pointing to an arbitrary file writable by the victim. When gzexe runs, it follows the symlink and overwrites the target file, resulting in a time‑of‑check to time‑of‑use (TOCTOU) condition that allows arbitrary file overwrite. This issue has been fixed in the commit 4e6f8b24ab823146ab8776f0b7fe486ab34d4269
Reference
CVSS
Base: 4.7
Impact: 3.6
Exploitability:1.0
Pristup
VektorSloženostAutentikacija
LOCAL HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH NONE
CVSS vektor CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Zadnje važnije ažuriranje 01-07-2026 - 14:02
Objavljeno 29-06-2026 - 12:16