CVE Catalog

CVE-2026-9651

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.

Risk Assessment

The risk includes leakage of user password hashes, which may lead to account takeover and privilege escalation within the system.

Recommendation

Immediately update the software to a version that fixes the permission assignment for system files, and restrict local access to trusted users.

Original NVD description (English source)

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS